We are aware of a new 0-day exploit that was posted on Milw0rm today. According the exploit, it was suppose to work on both IIS 5.0 and 6.0, on the FTP module. Also according it, it affects IIS 6.0 with stack cookie protection. The latest on this is that HDMoore is porting it to the MetaSploit framework. We will update this diary with more info as we get it. UPDATE3: SourceFire Blog about it UPDATE2: US-CERT released an advisory on it: https://www.kb.cert.org/vuls/id/276653 UPDATE: Emerging Threats have released a signature for the milw0rm IIS-FTP --------------------------------------------------------------- Handler on Duty: Pedro Bueno (pbueno /%%/ isc. sans. org) Twitter: http://twitter.com/besecure |
Pedro 155 Posts ISC Handler Aug 31st 2009 |
Thread locked Subscribe |
Aug 31st 2009 1 decade ago |
it requires an account or anon to be enabled on the target, which somewhat limits the scope of this otherwise damaging bug.
|
Anonymous |
Quote |
Sep 1st 2009 1 decade ago |
MS released Security Advisory 975191 on the issue:
http://www.microsoft.com/technet/security/advisory/975191.mspx See also http://blogs.technet.com/msrc/archive/2009/09/01/microsoft-security-advisory-975191-released.aspx and http://blogs.technet.com/srd/archive/2009/09/01/new-vulnerability-in-iis5-and-iis6.aspx for additional informations from MS. |
Anonymous |
Quote |
Sep 2nd 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!