Vulnerability Note VU#276653
Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow
The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote attacker to execute arbitrary code on a vulnerable system.
IIS is a web server that comes with Microsoft Windows. IIS also includes FTP server functionality. The IIS FTP server fails to properly parse specially-crafted directory names. By issuing an FTP NLST (NAME LIST) command on a specially-named directory, an attacker may cause a stack buffer overflow. The attacker can create the specially-named directory if FTP is configured to allow write access using Anonymous account or another account that is available to the attacker.
A remote attacker may be able to execute arbitrary code on a vulnerable server. For servers that allow anonymous file uploads, the attacker would typically be unauthenticated.
We are currently unaware of a practical solution to this problem. Please consider the workarounds listed in Microsoft Security Advisory (975191), which include:
Disable anonymous FTP write access
Configuring IIS to disallow write access to anonymous FTP users will limit the ability of the attacker to create a directory that can trigger this vulnerability.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||02 Sep 2009|
CVSS Metrics (Learn More)
This vulnerability was publicly disclosed by Kingcope.
This document was written by Will Dormann.
- CVE IDs: Unknown
- Date Public: 31 Aug 2009
- Date First Published: 31 Aug 2009
- Date Last Updated: 02 Sep 2009
- Severity Metric: 20.81
- Document Revision: 23
If you have feedback, comments, or additional information about this vulnerability, please send us email.