Sasser itself is vulnerable to a buffer overflow


A buffer overflow has been discovered in the FTP server used by the Sasser worm. An infected computer sets up an FTP server on an obscure port so that the machines it attacks will connect back on that port. It is the FTP server listening on this port that is vulnerable to the buffer overflow.

The F-Secure weblog points out that this is a bit of overkill, since a machine infected with Sasser is likely still vulnerable to the LSASS exploit anyway. So it's not clear whether this is just a point of amusement, or whether there really is a large segment of machines that got patched but were already infected.

This may be part of the ongoing sniping between the Netsky writer or writers and Mydoom.


About this Entry

This page contains a single entry by Roger published on May 10, 2004 1:06 PM.
