Ravens PHP Scripts

Microsoft IIS FTP Server Pre-Authentication Memory Corruption
Date: Wednesday, December 22, 2010 @ 21:08:13 PST
Topic: Security


SECUNIA ADVISORY ID: SA42713

VERIFY ADVISORY: Secunia.com: http://secunia.com/advisories/42713/

CRITICALITY: Highly Critical

RELEASE DATE: 2010-12-23

DESCRIPTION: Matthew Bergin has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is confirmed in a fully patched IIS 7.5 for Windows 7 Professional. Other versions may also be affected.



The vulnerability is caused due to an error when processing FTP requests and can be exploited to corrupt memory via an overly long, specially crafted request. Successful exploitation may allow execution of arbitrary code.

SOLUTION: Restrict traffic to the FTP service.

PROVIDED AND/OR DISCOVERED BY: Matthew Bergin

ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15803/






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3876