Microsoft IIS FTP Vulnerability

Vulnerability has been found in Microsoft Internet Information Services FTP server that can allow a remote attacker to potentially execute arbitrary code.   IIS FTP servers that allow anonymous users write access can potentially be affected due to a boundary error when the server processes NLST commands.  There is no solution to this problem at this time.  Workarounds suggested are to not allow anonymous users write access.

For more information see the links below:

https://www.kb.cert.org/vuls/id/276653
http://secunia.com/advisories/36443/

Posted by Brad Graves on September 01, 2009, in Handlers Log.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2016 Purdue University | An equal access/equal opportunity university | Integrity Statement | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.

PDF files can be viewed in Adobe Acrobat Reader.