FTP: IIS Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the IIS 5.0 FTPd. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Extended Description
Microsoft IIS is prone to a remote stack-based buffer-overflow vulnerability affecting the application's FTP server. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects the following: IIS 5.0 IIS 5.1 IIS 6.0 (denial of service only) IIS 7.0 (denial of service only) Note that Microsoft IIS 7.0 with FTP Service 7.5 is not affected. Other versions may also be affected. NOTE: This issue cannot be exploited to execute arbitrary code on IIS 6.0 or 7.0. NOTE (September 1, 2009): This issue can be exploited to execute arbitrary code with SYSTEM-level privileges on IIS 5.0. UPDATE (September 8, 2009); This issue may be related to a vulnerability reported in 1999 affecting IIS 3 and IIS 4. We will update this BID as more details emerge.
Affected Products
Microsoft iis
Short Name
FTP:MS-FTP:IIS-BOF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
FTP
Keywords
Buffer CVE-2009-3023 IIS Overflow bid:36189
Release Date
09/01/2009
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3730
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3