Wednesday, September 2, 2009

CERT-In Vulnerability Note CIVN-2009-107

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Microsoft IIS FTP Buffer Overflow Vulnerability
http://172.17.10.50/vulnerability/civn-2009-107.htm

Original Issue Date: September 01, 2009

Severity Rating : Medium

System Affected

Microsoft Internet Information Server (IIS) 5.0
Microsoft Internet Information Server (IIS) 6.0

Overview

A vulnerability has been identified in Microsoft Internet Information
Server (IIS), which could be exploited by a remote, authenticated attacker
to execute arbitrary code on a vulnerable system.

Description

This issue is caused by a buffer overflow error in the FTP service when
processing an NLST (NAME LIST) command on a specially named directory. This
could allow a remote, authenticated attacker with write access to crash an
affected server or execute arbitrary code with SYSTEM privileges, using the
Anonymous account or another account that is available to the attacker.

Workaround

Disable anonymous write access to IIS FTP server
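The Description and Workaround above give a defender two things to look for in IIS FTP logs: write commands issued under the Anonymous account (which the workaround is meant to take away) and NLST commands carrying unusually long directory arguments. The following Python script is an added example for this note, not code from CERT-In or Microsoft. It assumes the IIS 6 FTP W3C log layout (date, time, c-ip, cs-username, cs-method with a bracketed session id, cs-uri-stem, sc-status, sc-win32-status), a tunable length threshold of 200 bytes, and a constructed sample log embedded inline.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed IIS 6 FTP W3C log layout (not taken from the advisory):
# date time c-ip cs-username cs-method cs-uri-stem sc-status sc-win32-status
# cs-method carries a session id in brackets, e.g. "[3]NLST".
SESSION_PREFIX = re.compile(r"^\[\d+\]")

# FTP commands that need write access on the server; these are what the
# workaround (no anonymous write access) is meant to deny to "anonymous".
WRITE_COMMANDS = {"MKD", "XMKD", "RMD", "XRMD", "STOR", "STOU", "APPE",
                  "RNFR", "RNTO", "DELE"}

# Assumed tunable threshold: NLST arguments longer than this are far outside
# normal directory listing use and worth a look.
LONG_NAME_THRESHOLD = 200


@dataclass
class Entry:
    line_no: int
    client: str
    user: str
    command: str
    argument: str
    status: int


@dataclass
class Finding:
    line_no: int
    reason: str
    entry: Entry


def parse_entry(line_no: int, line: str) -> Optional[Entry]:
    """Parse one W3C log line; directives (#...) and short lines yield None."""
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 8:
        return None
    _date, _time, client, user, method = parts[:5]
    status, _win32 = parts[-2:]
    # cs-uri-stem may itself contain spaces, so rejoin everything in between
    argument = " ".join(parts[5:-2])
    command = SESSION_PREFIX.sub("", method).upper()
    try:
        code = int(status)
    except ValueError:
        return None
    return Entry(line_no, client, user, command, argument, code)


def scan(log_text: str) -> List[Finding]:
    """Return findings for anonymous writes and oversized NLST arguments."""
    findings: List[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        e = parse_entry(n, raw)
        if e is None:
            continue
        if e.user.lower() == "anonymous" and e.command in WRITE_COMMANDS:
            outcome = "succeeded" if 200 <= e.status < 300 else "attempted"
            findings.append(Finding(n, f"anonymous write command {e.command} {outcome}", e))
        if e.command == "NLST" and len(e.argument) >= LONG_NAME_THRESHOLD:
            findings.append(Finding(n, f"NLST with {len(e.argument)}-byte directory argument", e))
    return findings


# Constructed sample log, not captured from a real server.
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 6.0",
    "#Version: 1.0",
    "#Date: 2009-09-01 08:00:00",
    "#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-win32-status",
    "2009-09-01 08:00:01 192.0.2.10 - [1]USER anonymous 331 0",
    "2009-09-01 08:00:01 192.0.2.10 anonymous [1]PASS - 230 0",
    "2009-09-01 08:00:02 192.0.2.10 anonymous [1]MKD incoming 257 0",
    "2009-09-01 08:00:03 192.0.2.10 anonymous [1]NLST /incoming 226 0",
    "2009-09-01 08:00:04 192.0.2.10 anonymous [1]NLST /incoming/" + "A" * 300 + " 426 64",
    "2009-09-01 08:01:00 192.0.2.20 alice [2]STOR report.txt 226 0",
])

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason} (client {f.entry.client}, user {f.entry.user})")
```

Run against the constructed sample, the script reports the successful anonymous MKD (the condition the workaround removes) and the NLST whose argument is several hundred bytes long, while the named user's STOR passes unflagged. The two rules are independent, so a server where anonymous write has already been disabled still surfaces oversized NLST arguments from other accounts.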

References

US-CERT
http://www.kb.cert.org/vuls/id/276653

VUPEN Security
http://www.vupen.com/english/advisories/2009/2481

Disclaimer

The information provided herein is on "as is" basis, without warranty of
any kind.

Contact Information
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Note: Please do not reply to this e-mail. For further queries contact
CERT-In Information Desk. Email: info@cert-in.org.in


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wsBVAwUBSp4TeHWXeYNsoT30AQrF5QgAiC0uf+knx/0xUVLoA+qL4B325ij3F/ag
rAMwIOtTEo3cBn73PgaowC9B2HBiQ5V4QLxjP/ShBI7VT6KTRbfE82h1xpkdJGqV
Bx7xi6FIVw4cUg5gh4qJ4Qzt7p8RT/sRx9/9rqjz6IpzaK3W4kSE3AGYPch92AX+
YEN3lR5KRniPaN51LpHD0Ih5H8/IDS2wfrIAMxx+/zkGVpSXfmLlomuUvMze/6t+
J584Xe+52tApccRzkXb9SH8czj/8Osx0WUjZ9HOqbeHG7VhCBdBGxTnrWQuTHuOv
QdG6P8GVDDPXAr6ml8DIMiAIZ/rtsM01BPQo5IjIP1C7xZgiio8mwQ==
=/k3Y
-----END PGP SIGNATURE-----