TECHNICAL BULLETIN
| PROBLEM: | Microsoft IIS is prone to a remote stack-based buffer-overflow vulnerability affecting the application's FTP server. |
| PLATFORM: | Microsoft IIS 5.0, Microsoft IIS 6.0 |
| ABSTRACT: | Buffer overflow in the FTP server in Microsoft IIS 5.0 and 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST command that uses wildcards. |
| LINKS: | |
| DOE-CIRC BULLETIN: | http://www.doecirc.energy.gov/bulletins/t-222.shtml |
| OTHER LINKS: | Milw0rm Website: http://www.milw0rm.com/exploits/9541; Security Focus Website: http://www.securityfocus.com/bid/36189/info |
| CVE: | CVE-2009-3023 |
| IMPACT ASSESSMENT: | This risk is medium. A remote attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. |
[***** Start CVE-2009-3023 *****]

Discussion: Microsoft IIS is prone to a remote stack-based buffer-overflow vulnerability affecting the application's FTP server. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects the following:

IIS 5.0
IIS 6.0 (denial of service only)

Other versions may also be affected.

NOTE: This issue cannot be exploited to execute arbitrary code on IIS 6.0.

The following exploit code is available:

http://downloads.securityfocus.com/vulnerabilities/exploits/36189.pl
http://downloads.securityfocus.com/vulnerabilities/exploits/36189-2.pl

Solution: Currently there are no vendor-supplied patches.

[***** End CVE-2009-3023 *****]
Voice: 866-941-2472
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov