Windows : Microsoft Bulletins : Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900874

Categoría: Windows : Microsoft Bulletins

Título: Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS09-053.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-053.

Vulnerability Insight:
- This issue is caused by an error when processing directory listing commands
including the '*' character and '../' sequences, which could be exploited to exhaust the stack.

- An heap-based buffer overflow error occurs in the FTP service when processing
a specially crafted 'NLST' command.

Vulnerability Impact:
Successful exploitation will let the attacker execute arbitrary code with
SYSTEM privileges which may result Denial of Service on the affected server.

Affected Software/OS:
Microsoft Internet Information Services (IIS) 5.0/5/1/6.0.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2521
Cert/CC Advisory: TA09-286A
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html
Microsoft Security Bulletin: MS09-053
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053
Microsoft Knowledge Base article: 975191
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508
Common Vulnerability Exposure (CVE) ID: CVE-2009-3023
BugTraq ID: 36189
http://www.securityfocus.com/bid/36189
CERT/CC vulnerability note: VU#276653
http://www.kb.cert.org/vuls/id/276653
http://www.exploit-db.com/exploits/9541
http://www.exploit-db.com/exploits/9559
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080
http://www.vupen.com/english/advisories/2009/2481

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900874
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-053.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-053. Vulnerability Insight: - This issue is caused by an error when processing directory listing commands including the '*' character and '../' sequences, which could be exploited to exhaust the stack. - An heap-based buffer overflow error occurs in the FTP service when processing a specially crafted 'NLST' command. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary code with SYSTEM privileges which may result Denial of Service on the affected server. Affected Software/OS: Microsoft Internet Information Services (IIS) 5.0/5/1/6.0. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2521 Cert/CC Advisory: TA09-286A http://www.us-cert.gov/cas/techalerts/TA09-286A.html http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html Microsoft Security Bulletin: MS09-053 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053 Microsoft Knowledge Base article: 975191 http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508 Common Vulnerability Exposure (CVE) ID: CVE-2009-3023 BugTraq ID: 36189 http://www.securityfocus.com/bid/36189 CERT/CC vulnerability note: VU#276653 http://www.kb.cert.org/vuls/id/276653 http://www.exploit-db.com/exploits/9541 http://www.exploit-db.com/exploits/9559 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080 http://www.vupen.com/english/advisories/2009/2481
Copyright	Copyright (C) 2009 Greenbone AG