(MS09-053) IIS FTP Service DoS Vulnerability (975254)
- Type: Logic error
- Impact of exploitation: Denial of Service
- User Interaction: No user interaction is needed
- Attack Vector: Malicious remote network traffic
- Rating: Low
- CVE reference: CVE-2009-2521
- Vendor Status: Responded and patched
- Vulnerable systems: IIS 5.0, IIS 5.1, IIS 6.0, IIS 7.0
- Summary: A vulnerability in the Microsoft Internet Information Services (IIS) FTP Service may allow denial-of-service attacks.
Description
A vulnerability in the Microsoft Internet Information Services (IIS) FTP Service may allow denial-of-service attacks. The flaw lies in how the FTP server handles list commands. An attacker can send a specially crafted list command to a vulnerable server, causing the service to become unresponsive (DoS) or restart.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-053.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature: (MS09-053) IIS FTP Service DoS Vulnerability (975254)
- Signature identifier: 7193
- Release date: 10/13/2009
McAfee Intrushield
- Signature: FTP: Microsoft IIS FTP Service DoS Vulnerability
- Signature identifier: 0x4050CA00
- Release date: 10/13/2009
- First released in: 4.1.59, 5.1.29
- Signature: (MS09-053) IIS FTP Service DoS Vulnerability (975254)
- Signature identifier: 7193
- Release date: 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
McAfee VirusScan Enterprise 8.5i (VSE8.5i) / Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
The V-Flash Release of 10/13/2009 contains the remedy for this vulnerability.
- Release date: 10/14/2009
Additional Resources
Microsoft Security Bulletin MS09-053 - Important: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
http://www.microsoft.com/technet/security/bulletin/ms09-053.mspx
Timeline
10/13/2009
Vendor has provided a patch.