Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 SecPodOPENVAS:900874
HistoryOct 15, 2009 - 12:00 a.m.

Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)

2009-10-1500:00:00
Copyright (C) 2009 SecPod
plugins.openvas.org
734

0.974 High

EPSS

Percentile

99.9%

JSON

This host is missing a critical security update according to
Microsoft Bulletin MS09-053.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_ms09-053.nasl 6605 2017-07-07 11:22:07Z cfischer $
#
# Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
#
# Authors:
# Sharath S <[email protected]>
#
# Updated By: Madhuri D <[email protected]> on 2010-11-25
#      - To detect file version 'ftpsvc2.dll' on vista and win 2008
#
# Updated Updated By: Antu Sanadi <[email protected]> on 2012-06-05
# - Updated to support GDR and LDR versions.
# - Removed get_file_version function.
# 
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation will let the attacker execute arbitrary code with
  SYSTEM privileges which may result Denial of Service on the affected server.
  Impact Level: System/Application.";
tag_affected = "Microsoft Internet Information Server (IIS) 5.0/5/1/6.0";
tag_insight = "- This issue is caused by an error when processing directory listing commands
    including the '*' character and '../' sequences, which could be exploited
    to exhaust the stack.
  - An heap-based buffer overflow error occurs in the FTP service when processing
    a specially crafted 'NLST' command.";
tag_solution = "Run Windows Update and update the listed hotfixes or download and
  update mentioned hotfixes in the advisory from the below link.
  http://technet.microsoft.com/en-us/security/bulletin/MS09-053";
tag_summary = "This host is missing a critical security update according to
  Microsoft Bulletin MS09-053.";

if(description)
{
  script_id(900874);
  script_version("$Revision: 6605 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-07 13:22:07 +0200 (Fri, 07 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-10-15 15:35:39 +0200 (Thu, 15 Oct 2009)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cve_id("CVE-2009-2521", "CVE-2009-3023");
  script_bugtraq_id(36273, 36189);
  script_name("Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)");
  script_xref(name : "URL" , value : "http://support.microsoft.com/kb/975254");
  script_xref(name : "URL" , value : "http://www.vupen.com/english/advisories/2009/2542");
  script_xref(name : "URL" , value : "http://www.vupen.com/english/advisories/2009/2481");
  script_xref(name : "URL" , value : "http://technet.microsoft.com/en-us/security/bulletin/MS09-053");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 SecPod");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("secpod_reg_enum.nasl", "secpod_ms_iis_ftpd_detect.nasl");
  script_mandatory_keys("MS/IIS-FTP/Installed", "SMB/WindowsVersion");
  script_require_ports(139, 445);
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

if(!get_kb_item("MS/IIS-FTP/Installed")){
  exit(0);
}

if(hotfix_check_sp(xp:4, win2k:5, win2003:3, winVista:3, win2008:3) <= 0){
  exit(0);
}

# MS09-053 Hotfix check
if((hotfix_missing(name:"975254") == 0)){
  exit(0);
}

sysPath = smb_get_systemroot();
if(!sysPath ){
  exit(0);
}

dllVer = fetch_file_version(sysPath, file_name:"system32\inetsrv\ftpsvc2.dll");
if(!dllVer){
  exit(0);
}

# Windows 2K
if(hotfix_check_sp(win2k:5) > 0)
{ 
  # Grep for ftpsvc2.dll version < 5.0.2195.7336
  if(version_is_less(version:dllVer, test_version:"5.0.2195.7336"))
  {
    security_message(21);
    exit(0);
  }
}

# Windows XP
if(hotfix_check_sp(xp:4) > 0)
{
  SP = get_kb_item("SMB/WinXP/ServicePack");
  if("Service Pack 2" >< SP)
  {
    # Grep for ftpsvc2.dll < 6.0.2600.3624
    if(version_is_less(version:dllVer, test_version:"6.0.2600.3624")){
      security_message(21);
    }
    exit(0);
  }
  else if("Service Pack 3" >< SP)
  {
    # Grep for ftpsvc2.dll < 6.0.2600.5875
    if(version_is_less(version:dllVer, test_version:"6.0.2600.5875")){
     security_message(21);
    }
    exit(0);
  }
  security_message(21);
}

# Windows 2003
else if(hotfix_check_sp(win2003:3) > 0)
{
  SP = get_kb_item("SMB/Win2003/ServicePack");
  if("Service Pack 2" >< SP)
  {
    # Grep for ftpsvc2.dll version < 6.0.3790.4584
    if(version_is_less(version:dllVer, test_version:"6.0.3790.4584")){
      security_message(21);
    }
    exit(0);
  }
  security_message(21);
}

# Windows Vista
else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
{
  ## Check for the Vista and server 2008 without SP
  if(version_in_range(version:dllVer, test_version:"7.0.6000.16000", test_version2:"7.0.6000.16922") ||
     version_in_range(version:dllVer, test_version:"7.0.6000.20000", test_version2:"7.0.6000.21122"))
  {
    security_message(0);
    exit(0);
  }

  SP = get_kb_item("SMB/WinVista/ServicePack");
  if(!SP){
    SP = get_kb_item("SMB/Win2008/ServicePack");
  }

  if("Service Pack 1" >< SP)
  {
    if(version_in_range(version:dllVer, test_version:"7.0.6001.18000", test_version2:"7.0.6001.18326") ||
       version_in_range(version:dllVer, test_version:"7.0.6001.22000", test_version2:"7.0.6001.22515"))
    {
      security_message(0);
      exit(0);
    }
  }

  if("Service Pack 1" >< SP)
  {
    if(version_in_range(version:dllVer, test_version:"7.0.6002.18000", test_version2:"7.0.6002.18106") ||
       version_in_range(version:dllVer, test_version:"7.0.6002.22000", test_version2:"7.0.6002.22218"))
    {
      security_message(0);
      exit(0);
    }
  }
}

Related

openvas 4
checkpoint_advisories 2
nessus 2
securityvulns 1
cvelist 2
saint 4
canvas 1
cve 2
packetstorm 2
seebug 4
prion 2
myhack58 1
openvas
openvas
Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
2009-10-15 00:00:00
Microsoft IIS FTPd NLST stack overflow
2009-09-02 00:00:00
Microsoft IIS FTP Server 'ls' Command DoS Vulnerability
2009-09-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft IIS FTP Server Recursive Listing Denial of Service (CVE-2009-2521; CVE-2009-3023)
2009-09-08 00:00:00
Preemptive Protection against Microsoft Internet Information Services FTP Server Remote Buffer Overflow Vulnerability (MS09-053)
2009-09-02 00:00:00
nessus
nessus
MS09-053: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
2009-10-13 00:00:00
MS09-053: Microsoft IIS FTPd NLST Command Remote Buffer Overflow (975191) (uncredentialed check)
2009-10-13 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution &#40;975254&#41;
2009-10-13 00:00:00
cvelist
cvelist
CVE-2009-3023
2009-08-31 20:00:00
CVE-2009-2521
2009-09-04 10:00:00
saint
saint
Microsoft IIS FTP Server NLST Command Remote Overflow
2009-09-03 00:00:00
Microsoft IIS FTP Server NLST Command Remote Overflow
2009-09-03 00:00:00
Microsoft IIS FTP Server NLST Command Remote Overflow
2009-09-03 00:00:00
canvas
canvas
Immunity Canvas: IISFTP_NLST
2009-08-31 20:30:00
cve
cve
CVE-2009-3023
2009-08-31 20:30:00
CVE-2009-2521
2009-09-04 10:30:00
packetstorm
packetstorm
Microsoft IIS FTP Server NLST Response Overflow
2010-10-06 00:00:00
Microsoft IIS FTP Server 7.0 Stack Exhaustion
2011-07-03 00:00:00
seebug
seebug
Microsoft IIS FTPd服务NLST命令远程栈溢出漏洞(MS09-053)
2009-10-16 00:00:00
Microsoft IIS FTPd服务NLST命令远程栈溢出漏洞
2009-09-02 00:00:00
Microsoft IIS FTP服务器递归列表拒绝服务漏洞(MS09-053)
2009-10-16 00:00:00
prion
prion
Buffer overflow
2009-08-31 20:30:00
Design/Logic Flaw
2009-09-04 10:30:00
myhack58
myhack58
Those years make us tremble in fear of the IIS vulnerability-vulnerability warning-the black bar safety net
2018-11-23 00:00:00

0.974 High

EPSS

Percentile

99.9%

JSON
Related for OPENVAS:900874
openvas4checkpoint_advisories2nessus2securityvulns1cvelist2saint4canvas1cve2packetstorm2seebug4prion2myhack581