Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:54344E071A068774A374DCE7F7795E80
HistorySep 03, 2009 - 12:00 a.m.

Microsoft IIS FTP Server NLST Command Remote Overflow

2009-09-0300:00:00
SAINT Corporation
download.saintcorporation.com
153

EPSS

0.971

Percentile

99.8%

JSON

Added: 09/03/2009
CVE: CVE-2009-3023
BID: 36189
OSVDB: 57589

Background

Microsoft Internet Information Server (IIS) includes a web server and an FTP server.

Problem

A stack overflow in the FTP server in IIS 5 and 6.0 via a crafted NLST command that uses wildcards allows remote authenticated users to execute arbitrary code in IIS 5 and to cause a denial of service in IIS 6.0.

Resolution

Apply the relevant Microsoft patch when it becomes available.

References

<http://www.securityfocus.com/bid/36189&gt;

Limitations

The FTP site directory must be writable and a valid user account must be provided.

Exploit works on IIS 5.0 on Windows 2000 SP4 English.

Platforms

Windows 2000

Related

seebug 2
cvelist 1
metasploit 1
saint 3
canvas 1
cve 1
packetstorm 1
checkpoint_advisories 2
nessus 2
prion 1
openvas 3
nvd 1
exploitdb 1
securityvulns 1
myhack58 1
seebug
seebug
Microsoft IIS FTPd服务NLST命令远程栈溢出漏洞
2009-09-02 00:00:00
Microsoft IIS FTPd服务NLST命令远程栈溢出漏洞(MS09-053)
2009-10-16 00:00:00
cvelist
cvelist
CVE-2009-3023
2009-08-31 20:00:00
metasploit
metasploit
MS09-053 Microsoft IIS FTP Server NLST Response Overflow
2010-10-05 23:39:14
saint
saint
Microsoft IIS FTP Server NLST Command Remote Overflow
2009-09-03 00:00:00
Microsoft IIS FTP Server NLST Command Remote Overflow
2009-09-03 00:00:00
Microsoft IIS FTP Server NLST Command Remote Overflow
2009-09-03 00:00:00
canvas
canvas
Immunity Canvas: IISFTP_NLST
2009-08-31 20:30:00
cve
cve
CVE-2009-3023
2009-08-31 20:30:01
packetstorm
packetstorm
Microsoft IIS FTP Server NLST Response Overflow
2010-10-06 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Microsoft Internet Information Services FTP Server Remote Buffer Overflow Vulnerability (MS09-053)
2009-09-02 00:00:00
Microsoft IIS FTP Server Recursive Listing Denial of Service (CVE-2009-2521; CVE-2009-3023)
2009-09-08 00:00:00
nessus
nessus
MS09-053: Microsoft IIS FTPd NLST Command Remote Buffer Overflow (975191) (uncredentialed check)
2009-10-13 00:00:00
MS09-053: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
2009-10-13 00:00:00
prion
prion
Buffer overflow
2009-08-31 20:30:00
openvas
openvas
Microsoft IIS FTPd NLST stack overflow
2009-09-02 00:00:00
Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
2009-10-15 00:00:00
Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
2009-10-15 00:00:00
nvd
nvd
CVE-2009-3023
2009-08-31 20:30:01
exploitdb
exploitdb
Microsoft IIS FTP Server - NLST Response Overflow (MS09-053) (Metasploit)
2010-11-12 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS09-053 - Important Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution &#40;975254&#41;
2009-10-13 00:00:00
myhack58
myhack58
Those years make us tremble in fear of the IIS vulnerability-vulnerability warning-the black bar safety net
2018-11-23 00:00:00

EPSS

0.971

Percentile

99.8%

JSON
Related for SAINT:54344E071A068774A374DCE7F7795E80
seebug2cvelist1metasploit1saint3canvas1cve1packetstorm1checkpoint_advisories2nessus2prion1openvas3nvd1exploitdb1securityvulns1myhack581