Vulnerability Note VU#276653
Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow
The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system.
IIS is a web server that comes with Microsoft Windows. IIS also includes FTP server functionality. The IIS FTP server fails to properly parse specially-crafted directory names. By issuing an FTP NLST (NAME LIST) command on a specially-named directory, an attacker may cause a stack buffer overflow. The attacker can create the specially-named directory if FTP is configured to allow write access using Anonymous account or another account that is available to the attacker.
A remote, authenticated attacker may be able to execute arbitrary code on a vulnerable server.
We are currently unaware of a practical solution to this problem. Please consider the following workarounds:
Disable anonymous FTP write access
Configuring IIS to disallow write access to anonymous FTP users will limit the ability of the attacker to create a directory that can trigger this vulnerability.
Vendor Status Date Notified Date Updated
Microsoft Corporation Vulnerable 2009-08-31
This vulnerability was publicly disclosed by Kingcope.
This document was written by Will Dormann.
Date Public: 2009-08-31
Date First Published: 2009-08-31
Date Last Updated: 2009-08-31
US-CERT Technical Alerts:
Document Revision: 12
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Information By: http://www.kb.cert.org/vuls/id/276653