Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254) |
Informations | |||
---|---|---|---|
Name | MS09-053 | First vendor Publication | 2009-10-13 |
Vendor | Microsoft | Last vendor Modification | 2009-10-19 |
Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (October 19, 2009): Removed the acknowledgments section. Corrected the affected software and severity tables to reclassify Windows XP Professional x64 Edition Service Pack 2 as running IIS 6.0.Summary: This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
50 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6080 | |||
Oval ID: | oval:org.mitre.oval:def:6080 | ||
Title: | IIS FTP Service RCE and DoS Vulnerability | ||
Description: | Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3023 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6508 | |||
Oval ID: | oval:org.mitre.oval:def:6508 | ||
Title: | IIS FTP Service DoS Vulnerability | ||
Description: | Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2521 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Information Server (IIS) |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Microsoft IIS FTP Server NLST Command Remote Overflow | More info here |
ExploitDB Exploits
id | Description |
---|---|
2011-07-03 | Microsoft IIS FTP Server <= 7.0 Stack Exhaustion DoS [MS09-053] |
2010-11-12 | Microsoft IIS FTP Server NLST Response Overflow |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-15 | Name : Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254) File : nvt/secpod_ms09-053.nasl |
2009-09-18 | Name : Microsoft IIS FTP Server 'ls' Command DOS Vulnerability File : nvt/secpod_ms_iis_ftpd_ls_dos_vuln.nasl |
2009-09-02 | Name : Microsoft IIS FTPd NLST stack overflow File : nvt/microsoft-iis-nlst-stack-overflow.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57753 | Microsoft IIS FTP Server Crafted Recursive Listing Remote DoS MS IIS contains a flaw that may allow a malicious user to cause a stack exhaustion. The issue is triggered when an ftp user issues a maliciously formed command. It is possible that the flaw may allow denial of service (DoS) resulting in a loss of availability. |
57589 | Microsoft IIS FTP Server NLST Command Remote Overflow A remote overflow exists in IIS 5.0. IIS 5.0 fails to execute arbitrary code resulting in a stack based buffer overflow. With a specially crafted request, an attacker can cause Remote access or DoS. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-10-15 | IAVM : 2009-B-0052 - Microsoft FTP Service for Internet Information Services (IIS) Remote Code Exe... Severity : Category I - VMSKEY : V0021742 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | NLST overflow attempt RuleID : 2374-community - Revision : 19 - Type : PROTOCOL-FTP |
2014-01-10 | NLST overflow attempt RuleID : 2374 - Revision : 19 - Type : PROTOCOL-FTP |
2018-10-17 | Multiple Products FTP MKD buffer overflow attempt RuleID : 23055-community - Revision : 10 - Type : PROTOCOL-FTP |
2014-01-10 | Multiple Products FTP MKD buffer overflow attempt RuleID : 23055 - Revision : 10 - Type : PROTOCOL-FTP |
2014-01-10 | MKD overflow attempt RuleID : 1973-community - Revision : 31 - Type : PROTOCOL-FTP |
2014-01-10 | MKD overflow attempt RuleID : 1973 - Revision : 31 - Type : PROTOCOL-FTP |
2014-01-10 | LIST globbing denial of service attack RuleID : 15932 - Revision : 9 - Type : PROTOCOL-FTP |
Metasploit Database
id | Description |
---|---|
2009-08-31 | MS09-053 Microsoft IIS FTP Server NLST Response Overflow |
2009-09-03 | Microsoft IIS FTP Server LIST Stack Exhaustion |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-10-13 | Name : The remote anonymous FTP server seems vulnerable to an arbitrary code executi... File : iis5_ftp_overflow.nasl - Type : ACT_DENIAL |
2009-10-13 | Name : The remote FTP server is affected by multiple vulnerabilities. File : smb_nt_ms09-053.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-05-23 13:17:13 |
|
2016-03-04 13:24:17 |
|
2016-03-04 09:23:56 |
|
2014-02-17 11:46:21 |
|
2014-01-19 21:30:22 |
|
2013-11-11 12:41:13 |
|