Secunia Security Advisory - Kingcope has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be exploited by malicious users to cause a DoS (Denial of Service).
----------------------------------------------------------------------
TITLE:
Microsoft IIS FTP Server Recursive Listing Denial of Service
SECUNIA ADVISORY ID:
SA36594
VERIFY ADVISORY:
https://secunia.com/advisories/36594/
DESCRIPTION:
Kingcope has discovered a vulnerability in Microsoft Internet
Information Services (IIS), which can be exploited by malicious users
to cause a DoS (Denial of Service).
The vulnerability is caused by an error in the processing of
recursive directory listing requests. This can be exploited to cause
a stack overflow and crash the FTP service via a specially crafted
request containing wildcard characters (e.g. "*").
Successful exploitation requires that at least one directory is
placed under the FTP root.
The vulnerability is confirmed in IIS 5.1 for Windows XP SP3 and in
IIS 6.0 for Windows Server 2003, and additionally reported in IIS 5.0
and 7.0.
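A defender-side check for the request pattern described above, as an added example that is not part of the Secunia advisory: it scans a W3C-format FTP log for LIST/NLST commands that combine a recursive option with a wildcard. The field names, the "[n]" session tag, the "+" space encoding, the "-R" option letter and the sample records are assumptions for illustration.

```python
import re
from collections import Counter

LISTING_VERBS = {"LIST", "NLST"}          # FTP directory-listing commands (RFC 959)
WILDCARDS = "*?"                          # advisory names "*"; "?" is an added assumption
SESSION_TAG = re.compile(r"^\[\d+\]")     # assumed "[n]" session tag before the verb

def parse_w3c(lines):
    """Yield one dict per record, keyed by the latest '#Fields:' directive."""
    fields = []
    for line in map(str.strip, lines):
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):    # skip truncated or malformed records
                yield dict(zip(fields, values))

def is_recursive_wildcard_listing(method, argument):
    """True for LIST/NLST carrying both a recursive option and a wildcard."""
    if SESSION_TAG.sub("", method).upper() not in LISTING_VERBS:
        return False
    tokens = [t for t in re.split(r"[+\s]+", argument) if t]  # "+" assumed to encode spaces
    recursive = any(t.startswith("-") and "R" in t for t in tokens)
    wildcard = any(c in t for t in tokens if not t.startswith("-") for c in WILDCARDS)
    return recursive and wildcard

def suspicious_clients(lines):
    """Count matching requests per client IP."""
    hits = Counter()
    for rec in parse_w3c(lines):
        if is_recursive_wildcard_listing(rec.get("cs-method", ""), rec.get("cs-uri-stem", "")):
            hits[rec.get("c-ip", "unknown")] += 1
    return hits

# Constructed sample log, not taken from a real server.
SAMPLE = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2009-09-04 10:00:01 192.0.2.10 alice [1]USER alice 331
2009-09-04 10:00:05 192.0.2.10 alice [1]LIST -R+* 226
2009-09-04 10:00:09 192.0.2.20 bob [2]NLST /pub 226
2009-09-04 10:00:12 192.0.2.20 bob [2]LIST -l+/pub 226
2009-09-04 10:00:15 192.0.2.30 carol [3]NLST -aR+logs* 226
""".splitlines()

if __name__ == "__main__":
    for ip, n in sorted(suspicious_clients(SAMPLE).items()):
        print(f"{ip}: {n} recursive wildcard listing request(s)")
```

Whether listing commands appear in the log at all depends on the server's logging configuration, and a request that crashes the service may never be written, so pair this with monitoring for unexpected FTP service restarts.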
SOLUTION:
Restrict access to trusted users only.
Users of IIS 7.0 can optionally upgrade the FTP service to version
7.5.
Microsoft FTP Service 7.5 for IIS 7.0 (x86):
https://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b7f5b652-8c5c-447a-88b8-8cfc5c13f571
Microsoft FTP Service 7.5 for IIS 7.0 (x64):
https://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ffb7c167-279e-48d3-8169-dea85784c4d1
PROVIDED AND/OR DISCOVERED BY:
Kingcope
ORIGINAL ADVISORY:
Kingcope:
https://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html
Microsoft:
https://www.microsoft.com/technet/security/advisory/975191.mspx
----------------------------------------------------------------------