Microsoft warns of vulnerability in Internet Information Services
According to Microsoft, IIS versions 5.0, 5.1 and 6.0 for Windows 2000, XP and Server 2003 are affected. IIS 7, for use under Vista and Server 2008, is not vulnerable. For the vulnerability to be exploitable, administrators must have activated write access for guest users. The vulnerability is harder to exploit in version 6, as this version is compiled using the /GS compiler option, which activates stack cookies. Stack cookies are placed on the stack between parameters and checked regularly. If an attacker overwrites a cookie, for example by exploiting a buffer overflow, the program is terminated. This results in a program crash, but prevents intrusion.
Microsoft's suggested workaround is interesting – setting access rights to the NTFS file system in the root directory of the FTP server such that FTP users are no longer able to create directories is apparently sufficient to avert the danger. The published exploit first creates a directory with a specific name and then triggers the bug using the NLST (name listing) command. Alternatively, administrators can, as previously mentioned, just block write access for untrusted FTP users.
Copyright 2011. Site powered by Bitdefender