Login   |   Secure Purdue > News

Microsoft IIS FTP Vulnerability

Vulnerability has been found in Microsoft Internet Information Services FTP server that can allow a remote attacker to potentially execute arbitrary code.   IIS FTP servers that allow anonymous users write access can potentially be affected due to a boundary error when the server processes NLST commands.  There is no solution to this problem at this time.  Workarounds suggested are to not allow anonymous users write access.

For more information see the links below:

https://www.kb.cert.org/vuls/id/276653
http://secunia.com/advisories/36443/

Posted by Brad Graves on September 01, 2009, in Handlers Log.