Security Updates : Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow

Vulnerability Note VU#276653
Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow
Overview
The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system.

I. Description
IIS is a web server that comes with Microsoft Windows. IIS also includes FTP server functionality. The IIS FTP server fails to properly parse specially-crafted directory names. By issuing an FTP NLST (NAME LIST) command on a specially-named directory, an attacker may cause a stack buffer overflow. The attacker can create the specially-named directory if FTP is configured to allow write access using the Anonymous account or another account that is available to the attacker.

II. Impact
A remote, authenticated attacker may be able to execute arbitrary code on a vulnerable server.

III. Solution
We are currently unaware of a practical solution to this problem. Please consider the following workarounds:
Disable anonymous FTP write access

Configuring IIS to disallow write access to anonymous FTP users will limit the ability of the attacker to create a directory that can trigger this vulnerability.
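
One way to confirm the workaround is in effect on an FTP host you administer, as an added example that is not part of the original note: the Python check below logs in as anonymous and tries to create, then remove, a short harmless probe directory. The function names, the probe directory name and the placeholder password are assumptions of this example.

```python
"""Audit check: can the anonymous FTP account create directories?"""
import ftplib
import sys
import uuid


def check_anonymous_write(ftp, probe_dir=None):
    """Classify a connected session (ftplib.FTP or a compatible object).

    Returns "anonymous-login-denied", "read-only" or "WRITE-ALLOWED".
    probe_dir is a hypothetical short name chosen by this example.
    """
    probe_dir = probe_dir or "audit-" + uuid.uuid4().hex[:8]
    try:
        ftp.login("anonymous", "audit@example.invalid")
    except ftplib.error_perm:
        return "anonymous-login-denied"
    try:
        ftp.mkd(probe_dir)   # the write the workaround is meant to block
    except ftplib.error_perm:
        return "read-only"
    try:
        ftp.rmd(probe_dir)   # clean up the probe directory
    except ftplib.all_errors:
        pass                 # creation already succeeded; still a finding
    return "WRITE-ALLOWED"


def audit_host(host, port=21, timeout=10):
    """Connect to host:port and run the check; network errors propagate."""
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        return check_anonymous_write(ftp)
    finally:
        ftp.close()


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python this_file.py ftp-host-1 ftp-host-2 ...
    for target in sys.argv[1:]:
        print(target, audit_host(target))
```

The check probes only the directory the anonymous session lands in; a writable subdirectory would need the same test after changing into it. It also does not cover the other case the note mentions, a non-anonymous account with write access that is available to an attacker.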
Systems Affected
Vendor | Status | Date Notified | Date Updated
Microsoft Corporation | Vulnerable | | 2009-08-31
References

http://milw0rm.com/exploits/9541

Credit
This vulnerability was publicly disclosed by Kingcope.
This document was written by Will Dormann.
Other Information
Date Public: 2009-08-31
Date First Published: 2009-08-31
Date Last Updated: 2009-08-31
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric: 20.81
Document Revision: 12

Information By: http://www.kb.cert.org/vuls/id/276653
