Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.900874 |
Kategorie: | Windows : Microsoft Bulletins |
Titel: | Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254) |
Zusammenfassung: | This host is missing a critical security update according to; Microsoft Bulletin MS09-053. |
Beschreibung: | Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-053. Vulnerability Insight: - This issue is caused by an error when processing directory listing commands including the '*' character and '../' sequences, which could be exploited to exhaust the stack. - An heap-based buffer overflow error occurs in the FTP service when processing a specially crafted 'NLST' command. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary code with SYSTEM privileges which may result Denial of Service on the affected server. Affected Software/OS: Microsoft Internet Information Services (IIS) 5.0/5/1/6.0. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
Querverweis: |
BugTraq ID: 36273 BugTraq ID: 36189 Common Vulnerability Exposure (CVE) ID: CVE-2009-2521 Cert/CC Advisory: TA09-286A http://www.us-cert.gov/cas/techalerts/TA09-286A.html http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html Microsoft Security Bulletin: MS09-053 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053 Microsoft Knowledge Base article: 975191 http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508 Common Vulnerability Exposure (CVE) ID: CVE-2009-3023 http://www.securityfocus.com/bid/36189 CERT/CC vulnerability note: VU#276653 http://www.kb.cert.org/vuls/id/276653 http://www.exploit-db.com/exploits/9541 http://www.exploit-db.com/exploits/9559 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080 http://www.vupen.com/english/advisories/2009/2481 |
Copyright | Copyright (C) 2009 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |