Summary
The host is running Microsoft IIS with the FTP server and is prone to a denial of service vulnerability.
Impact
Successful exploitation allows remote authenticated users to crash the application, leading to a denial of service condition.
Impact Level: Application
Solution
Upgrade to IIS version 7.5
http://www.iis.net/
Insight
A stack consumption error occurs in the FTP server while processing a crafted LIST command containing a wildcard that references a subdirectory followed by a .. (dot dot).
Affected
Microsoft Internet Information Services version 5.0 and 6.0
References
- http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html
- http://blogs.technet.com/msrc/archive/2009/09/01/microsoft-security-advisory-975191-released.aspx
- http://blogs.technet.com/msrc/archive/2009/09/03/microsoft-security-advisory-975191-revised.aspx
- http://www.microsoft.com/technet/security/advisory/975191.mspx
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-2521
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:N/A:P