Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.900874
Kategorie:Windows : Microsoft Bulletins
Titel:Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
Zusammenfassung:This host is missing a critical security update according to; Microsoft Bulletin MS09-053.
Beschreibung:Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-053.

Vulnerability Insight:
- This issue is caused by an error when processing directory listing commands
including the '*' character and '../' sequences, which could be exploited to exhaust the stack.

- An heap-based buffer overflow error occurs in the FTP service when processing
a specially crafted 'NLST' command.

Vulnerability Impact:
Successful exploitation will let the attacker execute arbitrary code with
SYSTEM privileges which may result Denial of Service on the affected server.

Affected Software/OS:
Microsoft Internet Information Services (IIS) 5.0/5/1/6.0.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Querverweis: BugTraq ID: 36273
BugTraq ID: 36189
Common Vulnerability Exposure (CVE) ID: CVE-2009-2521
Cert/CC Advisory: TA09-286A
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html
Microsoft Security Bulletin: MS09-053
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053
Microsoft Knowledge Base article: 975191
http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508
Common Vulnerability Exposure (CVE) ID: CVE-2009-3023
http://www.securityfocus.com/bid/36189
CERT/CC vulnerability note: VU#276653
http://www.kb.cert.org/vuls/id/276653
http://www.exploit-db.com/exploits/9541
http://www.exploit-db.com/exploits/9559
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080
http://www.vupen.com/english/advisories/2009/2481
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.