Posted: 08-September-2009 at 10:29
Alert
A security exploit based on an unchecked buffer in Microsoft IIS5/6 (Windows 2000/2003/XP) was discovered and publicly disclosed on 05/09/09.
The exploit leads to a process crash of the entire IIS subsystem, including Web sites.
Microsoft has not released any comment or work-around in the interim.
Recommendation
Check IIS5 and IIS6 FTP deployments and ensure the following work around is in place:
Exploit:
Several proofs of concept are available on the Internet.
Running the ls "-R */../" command after login (anonymous or any user) will cause IIS (including the Web server components) to reset. If the services are set to manual, they will not restart.
This occurs if:
- subdirectories exist in the FTP directory the user is logged onto
- the user has read rights to these subdirectories
- the user issues the above command
Work-around:
2. Ensure users (including anonymous) DO NOT HAVE NTFS RIGHTS on any subdirectories, nor the ability to create subdirectories. This can be achieved by ensuring the following rights are applied to THIS DIRECTORY and FILES ONLY:
- IUSR_(machinename) (or equivalent Anonymous account) and CREATOR OWNER
    - Traverse Folder / Execute File
    - List Folder / Read Data
    - Read Attributes
    - Read Extended Attributes
    - Create Files / Write Data
    - Read Permissions
- CREATOR OWNER
Risk assessment:
Initial assessment of this risk is LOW at this stage, as there are no known automated exploits active on the Internet.
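As an added example (not part of the original post), the following PowerShell script audits an IIS FTP root against the work-around above: the anonymous account's ACE on the root must apply to "this folder and files only" (no propagation to subfolders), must grant nothing beyond the six rights listed, and the account must hold no NTFS rights at all on any subdirectory. The FTP root path and the anonymous account name are assumptions and are exposed as parameters; adjust them to your deployment.

```powershell
# Added example, not code from the original post.
# Audits the NTFS rights on an IIS5/6 FTP root against the work-around described above.
param(
    [string]$FtpRoot = 'C:\Inetpub\ftproot',              # assumed path; change to your FTP root
    [string]$AnonymousAccount = "IUSR_$env:COMPUTERNAME"   # assumed name of the anonymous FTP account
)

# Rights the work-around allows on THIS DIRECTORY and FILES ONLY. Synchronize is added
# because Windows sets it on every Allow ACE but hides it in the GUI.
$allowedRights = [System.Security.AccessControl.FileSystemRights]'ExecuteFile, ReadData, ReadAttributes, ReadExtendedAttributes, WriteData, ReadPermissions, Synchronize'

$findings = @()

# Returns the Allow ACEs (explicit or inherited) that name the given account on a path.
function Get-AccountAces([string]$Path, [string]$Account) {
    $acl = Get-Acl -Path $Path
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.IdentityReference.Value -eq $Account -or $_.IdentityReference.Value -like "*\$Account")
    }
}

# 1. The FTP root itself: ACE must not propagate to subfolders and must not exceed the allowed rights.
foreach ($ace in Get-AccountAces $FtpRoot $AnonymousAccount) {
    if (([int]$ace.InheritanceFlags -band [int][System.Security.AccessControl.InheritanceFlags]::ContainerInherit) -ne 0) {
        $findings += "$FtpRoot : ACE for $($ace.IdentityReference) propagates to subfolders (should be 'This folder and files only')"
    }
    $extra = [int]$ace.FileSystemRights -band (-bnot [int]$allowedRights)
    if ($extra -ne 0) {
        $extraNames = [System.Security.AccessControl.FileSystemRights]$extra
        $findings += "$FtpRoot : ACE for $($ace.IdentityReference) grants rights beyond the work-around: $extraNames"
    }
}

# 2. Every subdirectory: the anonymous account must have no NTFS rights at all.
$subdirs = Get-ChildItem -Path $FtpRoot -Recurse | Where-Object { $_.PSIsContainer }
foreach ($dir in $subdirs) {
    $aces = @(Get-AccountAces $dir.FullName $AnonymousAccount)
    if ($aces.Count -gt 0) {
        $rights = ($aces | ForEach-Object { $_.FileSystemRights }) -join ', '
        $findings += "$($dir.FullName) : $AnonymousAccount has NTFS rights ($rights)"
    }
}

if ($findings.Count -eq 0) {
    "OK: work-around appears to be in place for $AnonymousAccount under $FtpRoot"
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Run it as an administrator on the FTP server, e.g. `.\Check-FtpWorkaround.ps1 -FtpRoot D:\ftp -AnonymousAccount IUSR_WEB01` (script file name chosen here). Any FINDING line is a spot where the work-around is not fully applied; repeat the check for any other accounts that are allowed to log on to the FTP site, since the post notes the crash is reachable by any user, not only anonymous.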