Microsoft Internet Information Services (IIS) Vulnerable to FTP Attack
Thursday, September 3, 2009 at 4:45 pm
A critical flaw in the FTP component of Microsoft Internet Information Services (IIS) could allow an attacker to execute malicious commands on a server, Microsoft warned in a security advisory.
According to a Microsoft Security Research and Defense post, if a vulnerable IIS 5.0 (Windows 2000), 5.1 (XP) or 6.0 (Server 2003) FTP service attempts to register a “long, specially crafted directory name,” a stack overflow will occur, which may allow remote code execution. IIS 7.0 (Vista, Server 2008) is not vulnerable, according to the post.
To be affected, “an FTP server would need to grant non-secure users access to connect and to create that long, specially prepared directory.”
There is still no patch available, and Microsoft says it has seen “detailed exploit” code available online, although it has not seen any active attacks. Microsoft does list workarounds, including how to prevent anonymous FTP users from creating directories.





