Details of VAR-200909-0359

ID

VAR-200909-0359

CVE

CVE-2009-2521

TITLE

Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow

Trust: 0.8

sources: CERT/CC: VU#276653

DESCRIPTION

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability.". The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker can exploit this issue to terminate the affected application, denying service to legitimate users. This issue affects the following: IIS 5.0 IIS 5.1 IIS 6.0 IIS 7.0 NOTE: Microsoft IIS 7.0 with FTP Service 7.5 is not affected by this issue. Other versions may also be affected. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. The vulnerability is caused due to an error when processing recursive directory listing requests. This can be exploited to cause a stack overflow and crash the FTP service via a specially crafted request containing wildcard characters (e.g. Successful exploitation requires that at least one directory is placed under the FTP root. The vulnerability is confirmed in IIS 5.1 for Windows XP SP3 and in IIS 6.0 for Windows Server 2003, and additionally reported in IIS 5.0 and 7.0. SOLUTION: Restrict access to trusted users only. Users of IIS 7.0 can optionally upgrade the FTP service to version 7.5. Microsoft FTP Service 7.5 for IIS 7.0 (x86): http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b7f5b652-8c5c-447a-88b8-8cfc5c13f571 Microsoft FTP Service 7.5 for IIS 7.0 (x64): http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ffb7c167-279e-48d3-8169-dea85784c4d1 PROVIDED AND/OR DISCOVERED BY: Kingcope ORIGINAL ADVISORY: Kingcope: http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html Microsoft: http://www.microsoft.com/technet/security/advisory/975191.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA09-286A Microsoft Updates for Multiple Vulnerabilities Original release date: Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows and Windows Server * Microsoft Internet Explorer * Microsoft Office * Microsoft .NET Framework * Microsoft Silverlight * Microsoft SQL Server * Microsoft Developer Tools * Microsoft Forefront Overview Microsoft has released updates to address vulnerabilities in Microsoft Windows and Windows Server, Internet Explorer, Office, .NET Framework, Silverlight, SQL Server, Developer Tools, and Forefront. I. Description Microsoft has released multiple security bulletins for critical vulnerabilities in Microsoft Windows and Windows Server, Internet Explorer, Office, .NET Framework, Silverlight, SQL Server, Developer Tools, and Forefront. These bulletins are described in the Microsoft Security Bulletin Summary for October 2009. II. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for October 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * Microsoft Security Bulletin Summary for October 2009 - <http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA09-286A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA09-286A Feedback VU#788021" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History October 13, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBStTKrtucaIvSvh1ZAQL82wf+PgEKeQvhJ5HQGJ3S0/VzCP7/PzauiWrW Zm/l1mlzOpp6F81G35xHfnOXJ9pY5/rv5Ez80ME8mQrYi8K0IHiA24mHBXu9vFSk crtGkpGGqvrPRxJbuC+otsy8wtYzAu6fa6np3FF+fGFCvhAuf5kzfEMHR79BNC4A 04Lz7zJvO+7w+y4mt4lbfc7FJnoPm5kIFu3hQV2KmsnATipYUB8gVVqb6mpkCsbR aIbgKdyXFWeLiQVPN3bwUt4yE0FnpWT89eZCANdFtOSHVl2ff3cumR9YB1mHDUbQ 8qomBgx1goC2DlRRcX0EpyJp1+4fLl1pnuHD1Qtt1LTYyZ+sTq566g== =sbjN -----END PGP SIGNATURE-----

Trust: 2.88

sources: NVD: CVE-2009-2521 // CERT/CC: VU#276653 // JVNDB: JVNDB-2009-002073 // BID: 36273 // PACKETSTORM: 80892 // PACKETSTORM: 81005 // PACKETSTORM: 81977

AFFECTED PRODUCTS

vendor:	microsoft	model:	iis	scope:	eq	version:	7.0	Trust: 1.7
vendor:	microsoft	model:	iis	scope:	eq	version:	6.0	Trust: 1.7
vendor:	microsoft	model:	iis	scope:	eq	version:	5.0	Trust: 1.7
vendor:	microsoft	model:	iis	scope:	eq	version:	5.1	Trust: 1.1
vendor:	microsoft	model:	internet information services	scope:	lte	version:	7.0	Trust: 1.0
vendor:	microsoft	model:	internet information services	scope:	gte	version:	5.0	Trust: 1.0
vendor:	microsoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	microsoft	model:	iis	scope:	ne	version:	7.5	Trust: 0.3

sources: CERT/CC: VU#276653 // BID: 36273 // JVNDB: JVNDB-2009-002073 // CNNVD: CNNVD-200909-069 // NVD: CVE-2009-2521

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-2521
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#276653
value:	20.81
Trust: 0.8
NVD:	CVE-2009-2521
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200909-069
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2009-2521
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2009-2521
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

sources: CERT/CC: VU#276653 // JVNDB: JVNDB-2009-002073 // CNNVD: CNNVD-200909-069 // NVD: CVE-2009-2521

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.0
problemtype:	CWE-119	Trust: 0.8

sources: JVNDB: JVNDB-2009-002073 // NVD: CVE-2009-2521

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200909-069

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200909-069

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002073

PATCH

title:	975191	url:	http://www.microsoft.com/technet/security/advisory/975191.mspx	Trust: 0.8
title:	MS09-053	url:	http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx	Trust: 0.8
title:	975191	url:	http://www.microsoft.com/japan/technet/security/advisory/975191.mspx	Trust: 0.8
title:	MS09-053	url:	http://www.microsoft.com/japan/technet/security/bulletin/ms09-053.mspx	Trust: 0.8
title:	MS09-053e	url:	http://www.microsoft.com/japan/security/bulletins/MS09-053e.mspx	Trust: 0.8
title:	TA09-286A	url:	http://software.fujitsu.com/jp/security/vulnerabilities/ta09-286a.html	Trust: 0.8

sources: JVNDB: JVNDB-2009-002073

EXTERNAL IDS

db:	NVD	id:	CVE-2009-2521	Trust: 2.7
db:	USCERT	id:	TA09-286A	Trust: 2.5
db:	CERT/CC	id:	VU#276653	Trust: 1.7
db:	BID	id:	36273	Trust: 1.1
db:	EXPLOIT-DB	id:	9541	Trust: 0.9
db:	SECUNIA	id:	36594	Trust: 0.9
db:	USCERT	id:	SA09-286A	Trust: 0.8
db:	VUPEN	id:	ADV-2009-2542	Trust: 0.8
db:	JVNDB	id:	JVNDB-2009-002073	Trust: 0.8
db:	CNNVD	id:	CNNVD-200909-069	Trust: 0.6
db:	SECUNIA	id:	36443	Trust: 0.3
db:	PACKETSTORM	id:	80892	Trust: 0.1
db:	PACKETSTORM	id:	81005	Trust: 0.1
db:	PACKETSTORM	id:	81977	Trust: 0.1

sources: CERT/CC: VU#276653 // BID: 36273 // JVNDB: JVNDB-2009-002073 // PACKETSTORM: 80892 // PACKETSTORM: 81005 // PACKETSTORM: 81977 // CNNVD: CNNVD-200909-069 // NVD: CVE-2009-2521

REFERENCES

url:	http://www.us-cert.gov/cas/techalerts/ta09-286a.html	Trust: 2.4
url:	http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html	Trust: 1.7
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053	Trust: 1.6
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6508	Trust: 1.6
url:	http://www.microsoft.com/technet/security/advisory/975191.mspx	Trust: 1.2
url:	http://support.microsoft.com/default.aspx?scid=kb%3b%5bln%5d%3bq975191	Trust: 1.0
url:	http://milw0rm.com/exploits/9541	Trust: 0.9
url:	http://www.kb.cert.org/vuls/id/276653	Trust: 0.9
url:	http://blog.g-sec.lu/2009/09/iis-5-iis-6-ftp-vulnerability.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2521	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20091014-ms09-053.html	Trust: 0.8
url:	http://jvn.jp/cert/jvnta09-286a/	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu276653/index.html	Trust: 0.8
url:	http://jvn.jp/tr/jvntr-2009-23/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2521	Trust: 0.8
url:	http://secunia.com/advisories/36594	Trust: 0.8
url:	http://www.securityfocus.com/bid/36273	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa09-286a.html	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2009/2542	Trust: 0.8
url:	http://www.cyberpolice.go.jp/#topics	Trust: 0.8
url:	/archive/1/506256	Trust: 0.6
url:	http://support.microsoft.com/default.aspx?scid=kb;[ln];q975191	Trust: 0.6
url:	http://www.microsoft.com/windowsserver2003/iis/default.mspx	Trust: 0.3
url:	http://blogs.technet.com/msrc/archive/2009/09/01/microsoft-security-advisory-975191-released.aspx	Trust: 0.3
url:	http://blogs.technet.com/msrc/archive/2009/09/03/microsoft-security-advisory-975191-revised.aspx	Trust: 0.3
url:	http://blogs.technet.com/srd/archive/2009/09/01/new-vulnerability-in-iis5-and-iis6.aspx	Trust: 0.3
url:	http://www.microsoft.com/technet/security/bulletin/ms09-053.mspx	Trust: 0.3
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.2
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.2
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.2
url:	http://secunia.com/advisories/36443/	Trust: 0.1
url:	http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=ffb7c167-279e-48d3-8169-dea85784c4d1	Trust: 0.1
url:	http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=b7f5b652-8c5c-447a-88b8-8cfc5c13f571	Trust: 0.1
url:	http://secunia.com/advisories/36594/	Trust: 0.1
url:	http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx>	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta09-286a.html>	Trust: 0.1
url:	http://www.us-cert.gov/cas/signup.html>.	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1
url:	http://technet.microsoft.com/en-us/wsus/default.aspx>	Trust: 0.1

CREDITS

Nikolaos Rangos

Trust: 0.6

sources: CNNVD: CNNVD-200909-069

SOURCES

db:	CERT/CC	id:	VU#276653
db:	BID	id:	36273
db:	JVNDB	id:	JVNDB-2009-002073
db:	PACKETSTORM	id:	80892
db:	PACKETSTORM	id:	81005
db:	PACKETSTORM	id:	81977
db:	CNNVD	id:	CNNVD-200909-069
db:	NVD	id:	CVE-2009-2521

LAST UPDATE DATE

2024-11-23T20:17:05.385000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#276653	date:	2009-09-02T00:00:00
db:	BID	id:	36273	date:	2009-10-13T20:58:00
db:	JVNDB	id:	JVNDB-2009-002073	date:	2009-10-30T00:00:00
db:	CNNVD	id:	CNNVD-200909-069	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2009-2521	date:	2024-11-21T01:05:04.427

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#276653	date:	2009-08-31T00:00:00
db:	BID	id:	36273	date:	2009-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2009-002073	date:	2009-10-07T00:00:00
db:	PACKETSTORM	id:	80892	date:	2009-09-01T07:26:38
db:	PACKETSTORM	id:	81005	date:	2009-09-04T15:24:55
db:	PACKETSTORM	id:	81977	date:	2009-10-14T18:32:45
db:	CNNVD	id:	CNNVD-200909-069	date:	2009-09-04T00:00:00
db:	NVD	id:	CVE-2009-2521	date:	2009-09-04T10:30:01.907