Microsoft IIS 5/6 FTP 0Day released
We are aware of a new 0-day exploit that was posted on Milw0rm today.
According the exploit, it was suppose to work on both IIS 5.0 and 6.0, on the FTP module.
Also according it, it affects IIS 6.0 with stack cookie protection.
The latest on this is that HDMoore is porting it to the MetaSploit framework.
We will update this diary with more info as we get it.
UPDATE4: Microsoft released its advisory on IIS vulnerability and 0day. Seems that IIS 5.0, 5.1 and 6.0 are affected, running on WIndows 2000, XP and 2003. Read more here: http://www.microsoft.com/technet/security/advisory/975191.mspx
UPDATE3: SourceFire Blog about it
UPDATE2: US-CERT released an advisory on it: https://www.kb.cert.org/vuls/id/276653
UPDATE: Emerging Threats have released a signature for the milw0rm IIS-FTP
exploit. It's available in the signature tarballs and a history is available in CVS:
http://www.emergingthreats.
Wiki: http://doc.emergingthreats.
---------------------------------------------------------------
Handler on Duty: Pedro Bueno (pbueno /%%/ isc. sans. org)
Twitter: http://twitter.com/besecure
Comments
justme
Sep 1st 2009
1 decade ago
http://www.microsoft.com/technet/security/advisory/975191.mspx
See also http://blogs.technet.com/msrc/archive/2009/09/01/microsoft-security-advisory-975191-released.aspx and http://blogs.technet.com/srd/archive/2009/09/01/new-vulnerability-in-iis5-and-iis6.aspx for additional informations from MS.
Freudi
Sep 2nd 2009
1 decade ago