MS09-053: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by multiple vulnerabilities.

Description :

The remote host has a version of IIS whose FTP service is affected by
one or both of the following vulnerabilities :

- By sending specially crafted list commands to the
remote Microsoft FTP service, an attacker is able
to cause the service to become unresponsive.
(CVE-2009-2521)

- A flaw in the way the installed Microsoft FTP service
in IIS handles list commands can be exploited to
execute remote commands in the context of the
LocalSystem account with IIS 5.0 under Windows 2000 or
to cause the FTP server to stop and become unresponsive
with IIS 5.1 under Windows XP or IIS 6.0 under Windows
2003. (CVE-2009-3023)

See also :

http://technet.microsoft.com/en-us/security/bulletin/MS09-053

Solution :

Microsoft has released a set of patches for IIS 5.0, 5.1, 6.0, and
7.0.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 42109 ()

Bugtraq ID: 36273
36189

CVE ID: CVE-2009-2521
CVE-2009-3023