GEN:SID | 1:1777 |
Message | FTP EXPLOIT STAT * dos attempt |
Summary | This rule detects an attacker executing the STAT command with the file-globbing character '*'. This affects Cisco equipment and Microsoft's IIS 4.0, 5.0, and 5.1.
|
Impact | Severe; this vulnerability is remotely exploitable and is present on systems that are widely deployed. |
Detailed Information | This rule detects an attacker executing the STAT command with the file-globbing character '*'. There is a vulnerability in Microsoft's IIS 4.0, 5.0, and 5.1 servers that causes the service to crash once it receives the STAT command along with a large number of file-globbing characters.
VisNetic and Titan FTP servers are also vulnerable to an attack that can give the attacker the opportunity to break out of the FTP root directory using this command.
|
Affected Systems | Microsoft Internet Information Server 4, 5 and 5.1
Some versions of Cisco equipment
VisNetic FTP Server
Titan FTP Server
|
Attack Scenarios | An attacker logs into a vulnerable host and executes the STAT command with multiple file-globbing characters. This would cause the service to crash.
The attacker may also use Nessus to scan for a vulnerable server.
|
Ease of Attack | The attack can be executed with relative ease. |
Corrective Action | Microsoft has released an IIS Security Roll-up Package that addresses this issue. The Roll-up package can be found at: http://www.microsoft.com/ntserver/nts/downloads/security/q319733/default.asp
More information on this package can be found at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-018.asp |
Additional References | http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-018.asp
http://www.microsoft.com/ntserver/nts/downloads/security/q319733/default.asp
|
Rule References | cve: 2002-0073
bugtraq: 4482
nessus: 10934
|
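The check described under Detailed Information can be reproduced over captured FTP control-channel traffic for log review. The following is an added example, not the Snort rule itself or code from the rule's authors; the function name, the `many_globs` threshold of 16 and the sample session are assumptions constructed for illustration.

```python
import re

# STAT verb (any case) followed by an argument containing at least one '*'.
# Requiring whitespace after the verb keeps unrelated verbs from matching.
STAT_GLOB = re.compile(rb"^\s*STAT[ \t]+([^\r\n]*\*[^\r\n]*)", re.IGNORECASE)


def scan_ftp_commands(stream: bytes, many_globs: int = 16):
    """Return one finding per STAT command that carries '*'.

    Any match corresponds to what this rule alerts on. 'high' marks the
    "large number of file globbing characters" case; the threshold is an
    assumed value and should be tuned for the environment.
    """
    findings = []
    for lineno, line in enumerate(stream.split(b"\n"), start=1):
        m = STAT_GLOB.match(line)
        if not m:
            continue
        arg = m.group(1)
        stars = arg.count(b"*")
        findings.append({
            "line": lineno,
            "glob_count": stars,
            "severity": "high" if stars >= many_globs else "info",
            # Truncated so a very long argument does not flood the report.
            "argument_preview": arg[:32].decode("ascii", "replace"),
        })
    return findings


# Constructed sample of client-to-server control-channel lines.
SAMPLE = (
    b"USER anonymous\r\n"
    b"PASS guest@example.com\r\n"
    b"STAT /pub\r\n"
    b"stat *.txt\r\n"
    b"LIST *\r\n"
    b"STAT " + b"*" * 40 + b"\r\n"
)

if __name__ == "__main__":
    for finding in scan_ftp_commands(SAMPLE):
        print(finding)
```

A plain `STAT /pub` and a `LIST *` are not reported, since the rule concerns only STAT combined with the globbing character.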