Microsoft IIS FTP Server NLST Command Remote Overflow

2009-09-03T00:00:00
ID SAINT:4EB4CF34422D02BCBF715C4ACFAC8C99
Type saint
Reporter SAINT Corporation
Modified 2009-09-03T00:00:00

Description

Added: 09/03/2009
CVE: CVE-2009-3023
BID: 36189
OSVDB: 57589

Background

Microsoft Internet Information Server (IIS) includes a web server and an FTP server.

Problem

A stack overflow in the FTP server in IIS 5 and 6.0 via a crafted NLST command that uses wildcards allows remote authenticated users to execute arbitrary code in IIS 5 and to cause a denial of service in IIS 6.0.

Resolution

Apply the relevant Microsoft patch when it becomes available.

References

<http://www.securityfocus.com/bid/36189>

Limitations

The FTP site directory must be writable and a valid user account must be provided.

Exploit works on IIS 5.0 on Windows 2000 SP4 English.

Platforms

Windows 2000