Executive Summary
Summary | |
---|---|
Title | Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow |
Information | |||
---|---|---|---|
Name | VU#276653 | First vendor Publication | 2009-08-31 |
Vendor | VU-CERT | Last vendor Modification | 2009-09-02 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability SubScore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#276653
Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow

Overview
The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote attacker to execute arbitrary code on a vulnerable system.

I. Description
IIS is a web server that comes with Microsoft Windows. IIS also includes FTP server functionality. The IIS FTP server fails to properly parse specially-crafted directory names. By issuing an FTP NLST (NAME LIST) command on a specially-named directory, an attacker may cause a stack buffer overflow. The attacker can create the specially-named directory if FTP is configured to allow write access using Anonymous account or another account that is available to the attacker.

II. Impact
A remote attacker may be able to execute arbitrary code on a vulnerable server. For servers that allow anonymous file uploads, the attacker would typically be unauthenticated.

III. Solution
We are currently unaware of a practical solution to this problem. Please consider the workarounds listed in Microsoft Security Advisory (975191), which include:
Disable anonymous FTP write access
References
This vulnerability was publicly disclosed by Kingcope. This document was written by Will Dormann.
Original Source
Url : http://www.kb.cert.org/vuls/id/276653 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6080 | |||
Oval ID: | oval:org.mitre.oval:def:6080 | ||
Title: | IIS FTP Service RCE and DoS Vulnerability | ||
Description: | Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3023 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Information Server (IIS) |
SAINT Exploits
Description | Link |
---|---|
Microsoft IIS FTP Server NLST Command Remote Overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-15 | Name : Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254) File : nvt/secpod_ms09-053.nasl |
2009-09-02 | Name : Microsoft IIS FTPd NLST stack overflow File : nvt/microsoft-iis-nlst-stack-overflow.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57589 | Microsoft IIS FTP Server NLST Command Remote Overflow A remote overflow exists in IIS 5.0. IIS 5.0 fails to execute arbitrary code resulting in a stack based buffer overflow. With a specially crafted request, an attacker can cause Remote access or DoS. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-10-15 | IAVM : 2009-B-0052 - Microsoft FTP Service for Internet Information Services (IIS) Remote Code Exe... Severity : Category I - VMSKEY : V0021742 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | NLST overflow attempt RuleID : 2374-community - Revision : 19 - Type : PROTOCOL-FTP |
2014-01-10 | NLST overflow attempt RuleID : 2374 - Revision : 19 - Type : PROTOCOL-FTP |
2018-10-17 | Multiple Products FTP MKD buffer overflow attempt RuleID : 23055-community - Revision : 10 - Type : PROTOCOL-FTP |
2014-01-10 | Multiple Products FTP MKD buffer overflow attempt RuleID : 23055 - Revision : 10 - Type : PROTOCOL-FTP |
2014-01-10 | MKD overflow attempt RuleID : 1973-community - Revision : 31 - Type : PROTOCOL-FTP |
2014-01-10 | MKD overflow attempt RuleID : 1973 - Revision : 31 - Type : PROTOCOL-FTP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-10-13 | Name : The remote anonymous FTP server seems vulnerable to an arbitrary code executi... File : iis5_ftp_overflow.nasl - Type : ACT_DENIAL |
2009-10-13 | Name : The remote FTP server is affected by multiple vulnerabilities. File : smb_nt_ms09-053.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-05-08 13:28:00 | |
2014-02-17 12:07:41 | |
2014-01-19 21:31:03 | |
2013-05-11 00:56:59 | |