FTP: Microsoft FTP Service STAT Globbing Denial of Service

This signature detects denial-of-service (DoS) attempts against Microsoft FTP Service in Microsoft IIS 4.0 and 5.0. Attackers who have previously established an FTP session can send glob characters within a maliciously crafted status request to crash the server.

Extended Description

A vulnerability has been identified in the way Microsoft Internet Information Server's FTP service handles certain requests for transfer status. The condition is present when a request for the FTP transfer status is made via the STAT command. A client issuing this command with a large number of file globbing characters as the argument may cause the service to crash. On IIS 4.0 servers, the service must be manually restarted. On IIS 5.0 and 5.1 servers, the service will restart itself automatically. A number of Cisco products are affected by this vulnerability, although this issue is not present in the Cisco products themselves.

Affected Products

Microsoft IIS

Short Name
FTP:MS-FTP:STAT-GLOB
Severity
Minor
Recommended
False
Recommended Action
None
Category
FTP
Keywords
CA-2002-09 CVE-2002-0073 Denial FTP Globbing Microsoft STAT Service bid:4482 of
Release Date
04/25/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Cisco

Microsoft

CVSS Score

5.0
