Microsoft IIS 5/6 FTP 0Day released

Published: 2009-08-31
Last Updated: 2009-09-02 03:04:22 UTC
by Pedro Bueno (Version: 2)
2 comment(s)

 

We are aware of a new 0-day exploit that was posted on Milw0rm today.

According the exploit, it was suppose to work on both IIS 5.0 and 6.0, on the FTP module.

Also according it, it affects IIS 6.0 with stack cookie protection.

The latest on this is that HDMoore is porting it to the MetaSploit framework.

We will update this diary with more info as we get it.

UPDATE4: Microsoft released its advisory on IIS vulnerability and 0day. Seems that IIS 5.0, 5.1 and 6.0 are affected, running on WIndows 2000, XP and 2003. Read more here:  http://www.microsoft.com/technet/security/advisory/975191.mspx

UPDATE3: SourceFire Blog about it

UPDATE2: US-CERT released an advisory on it: https://www.kb.cert.org/vuls/id/276653

UPDATE: Emerging Threats have released a signature for the milw0rm IIS-FTP
exploit. It's available in the signature tarballs and a history is available in CVS:
http://www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_IISFTP
Wiki: http://doc.emergingthreats.net/bin/view/Main/2009828

---------------------------------------------------------------

Handler on Duty: Pedro Bueno (pbueno /%%/ isc. sans. org)

Twitter: http://twitter.com/besecure

Keywords: 0day bug exploit microsoft
2 comment(s)

Comments

cwqwqwq

www

Nov 17th 2022
6 months ago

eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>

EEW

Nov 17th 2022
6 months ago

WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]

qwq

Nov 17th 2022
6 months ago

dwqqqwqwq mashood

mashood

Nov 17th 2022
6 months ago

[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)

isc.sans.edu

Nov 23rd 2022
6 months ago

[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]

isc.sans.edu

Nov 23rd 2022
6 months ago

What's this all about ..?

isc.sans.edu

Dec 3rd 2022
5 months ago

password reveal .

isc.sans.edu

Dec 3rd 2022
5 months ago

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission

isc.sans.edu

Dec 26th 2022
5 months ago

https://thehomestore.com.pk/

isc.sans.edu

Dec 26th 2022
5 months ago

Login here to join the discussion.


Diary Archives