| VID |
12017 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The Microsoft FTP service is vulnerable to a denial of service attack via a malformed FTP STAT request. The STAT command is used to query the current status of an FTP connection. A bug in the FTP service of the IIS server allows a remote attacker to cause a denial of service. The vulnerability arises when a remote attacker who has login credentials or anonymous FTP access sends a malformed request for the status of an existing connection, as follows:
STAT *?AAAAAAAAA....[ .... A*240 ... ] ...AAAAAAAAAAAAAAA
The request creates an error condition that the FTP service fails to handle correctly. This disrupts not only FTP services but also IIS web services.
* Note: On IIS 5.0 and IIS 5.1, the IIS server automatically restarts the service. On IIS 4.0, the service must be restarted manually to return to normal operation.
* Platforms Affected: Microsoft IIS 4.0, Microsoft IIS 5.0, Microsoft IIS 5.1
* References: http://www.cert.org/advisories/CA-2002-09.html http://www.kb.cert.org/vuls/id/412203 |
| Recommendation |
Apply the appropriate patch for your system:
* Microsoft IIS 4.0 (Windows NT 4.0 Workstation, Server, Enterprise Edition):
  1. Open the web page http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37931
  2. Select your language from the drop-down list at the top of the page and click <Go>.
  3. Click <Security Update>.
  4. Download the file to your computer and click it.
  5. Restart your computer to complete the installation.
* Microsoft IIS 4.0 (Windows NT 4.0 Server, Terminal Server Edition):
  1. Open the web page http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q317636/default.asp
  2. Select your language from the drop-down list at the top of the page and click <Next>.
  3. Click <Download Now>.
  4. Download the file to your computer and click it.
  5. Restart your computer to complete the installation.
* Microsoft IIS 5.0:
  1. Open the web page http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37824
  2. Select your language from the drop-down list at the top of the page and click <Go>.
  3. Click <DOWNLOAD>.
  4. Download the file to your computer and click it.
* Microsoft IIS 5.1:
  1. Open the web page http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37857
  2. Click <Download Now>.
  3. Download the file to your computer and click it.
* Cisco products running IIS: Refer to the Cisco Security Advisory site for affected products and update information: http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml |
| Related URL |
CVE-2002-0073 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
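A detection check for the request pattern in the Detailed Description, added here as an example that is not part of the original advisory: it scans FTP command logs for STAT requests whose argument is oversized, and notes when glob characters are also present. The log layout, the 128-byte threshold, the function names and every sample line are constructed assumptions, not IIS's own log format.

```python
import re

# Assumption: a normal STAT argument is a short path. The advisory's sample
# combines "*?" with roughly 240 filler bytes, so length plus glob use is the signal.
MAX_STAT_ARG = 128            # hypothetical threshold; tune per environment
GLOB_CHARS = set("*?[]")

# Constructed log layout: "<timestamp> <client-ip> <user> <raw FTP command>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")


def classify_stat(command_line):
    """Return a reason string for a suspicious STAT command, else None."""
    verb, _, arg = command_line.strip().partition(" ")
    if verb.upper() != "STAT":          # FTP verbs are case-insensitive
        return None
    arg = arg.strip()
    if len(arg) <= MAX_STAT_ARG:
        return None                     # includes bare STAT and short globs
    if any(c in GLOB_CHARS for c in arg):
        return "glob pattern with oversized argument (%d bytes)" % len(arg)
    return "oversized argument (%d bytes)" % len(arg)


def scan(lines):
    """Return one finding per log line carrying a suspicious STAT request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line)
        if not match:
            continue                    # skip lines that do not fit the layout
        timestamp, client, user, command = match.groups()
        reason = classify_stat(command)
        if reason:
            findings.append({"line": number, "time": timestamp,
                             "client": client, "user": user, "reason": reason})
    return findings


# Constructed sample log (documentation address ranges).
SAMPLE_LOG = [
    "2002-04-12T10:00:01 192.0.2.10 anonymous USER anonymous",
    "2002-04-12T10:00:03 192.0.2.10 anonymous STAT",
    "2002-04-12T10:00:05 192.0.2.10 anonymous STAT /pub/*.txt",
    "2002-04-12T10:00:09 198.51.100.7 anonymous STAT *?" + "A" * 240,
    "2002-04-12T10:00:12 198.51.100.7 anonymous stat " + "B" * 300,
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On IIS 5.0 and 5.1, correlating these findings with unexpected service restarts in the event log gives a stronger signal than the log match alone.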