SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   Microsoft Internet Information Server (IIS) FTP Server
Vendors:   Microsoft
Microsoft IIS FTP Server Lets Remote Users Deny Service
SecurityTracker Alert ID:  1024921
SecurityTracker URL:  http://securitytracker.com/id/1024921
CVE Reference:   CVE-2010-3972
Updated:  Mar 9 2011
Original Entry Date:  Dec 22 2010
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 7.0, 7.5
Description:   A vulnerability was reported in Microsoft IIS FTP Server. A remote user can cause denial of service conditions.

A remote user can send specially crafted data via FTP to trigger a memory corruption error and cause the target FTP service to crash.

The original advisory is available at:

http://www.exploit-db.com/exploits/15803/

Matthew Bergin reported this vulnerability.

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued the following fixes:

Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Microsoft FTP Service 7.0 for IIS 7.0:

http://www.microsoft.com/downloads/details.aspx?familyid=C09CCC72-8F94-416B-9A7F-ED16E90342A2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Microsoft FTP Service 7.0 for IIS 7.0:

http://www.microsoft.com/downloads/details.aspx?familyid=E88D072F-0F5F-4C85-AD2F-91B9B8BF6B3A

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Microsoft FTP Service 7.0 for IIS 7.0:

http://www.microsoft.com/downloads/details.aspx?familyid=3cc55af7-5cd9-4923-8ec5-462ff201d734

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Microsoft FTP Service 7.0 for IIS 7.0:

http://www.microsoft.com/downloads/details.aspx?familyid=f485b30d-dcaf-47c3-ac62-982b14670a1f

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1, Microsoft FTP Service 7.5 for IIS 7.5:

http://www.microsoft.com/downloads/details.aspx?familyid=9DABD1D1-3F1E-46D1-B171-AAFD3F08D291

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1, Microsoft FTP Service 7.5 for IIS 7.5:

http://www.microsoft.com/downloads/details.aspx?familyid=66FB4EFE-BCD3-4E90-8E35-B013E014A952

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1, Microsoft FTP Service 7.5 for IIS 7.5:

http://www.microsoft.com/downloads/details.aspx?familyid=1E075F57-1723-4933-9B8E-7BCE4A44A1C1

Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Microsoft FTP Service 7.5 for IIS 7.5:

http://www.microsoft.com/downloads/details.aspx?familyid=BFDDD539-C64F-4467-88EE-6BDFE645B478

A restart is not required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms11-004.mspx

The vendor's original advisory is available at:

http://blogs.technet.com/b/srd/archive/2010/12/22/assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx

Vendor URL:  www.microsoft.com/
Cause:   Access control error
Underlying OS:  Windows (2008), Windows (7), Windows (Vista)
Underlying OS Comments:  Vista SP2, 2008 SP2, 2008 R2, 7

Message History:   None.


Copyright 2019, SecurityGlobal.net LLC