Servers & Storage (246 reviews)
Home,
News, Reviews, Features, Tutorials, Media Releases, Buying Guides, Slideshows, Top Rated, Best Buys, Editor's Choice, Videos
Microsoft IIS servers vulnerable to FTP attack
Microsoft issues security warning but doesn't yet provide a patch to fix the vulnerability
Erik Larkin (PC World (US online)) 03/09/2009 06:51:00
Tags: servers, Microsoft, iis server

A critical flaw in the FTP component of Microsoft Internet Information Service (IIS) can allow an attacker to execute malicious commands on a server, Microsoft warned in a new security advisory.

According to a Microsoft Security Research & Defense post, if a vulnerable IIS 5.0 (Windows 2000), 5.1 (XP) or 6.0 (Server 2003) FTP service attempts to list a "long, specially-crafted directory name," a stack overflow will occur that can allow for remote code execution. IIS 7.0 (Vista, Server 2008) is not vulnerable, according to the post.

To be hit, "an FTP server would need to grant untrusted users access to log into and create that long, specially-drafted directory."

There is not yet any patch available, and Microsoft says it has seen "detailed exploit code" available online, though it hasn't yet seen any active attacks. Microsoft's post lists workarounds for the time being, including how to prevent anonymous FTP users from being able to create directories.

More about Microsoft
Recommend this article?
Yes0 votes
No0 votes

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Enter the fully qualified URL, eg. http://www.example.com/
Users posting comments agree to the PC World comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Syndicate content Syndicate content Syndicate content Syndicate content
 
Gift Guide
MWave
Discussions on Servers & Storage

Missing drive and can't get it back

This is a bit tougher than changing letter drive. I was running winXP on a master ...

Backup RAID Controller on IBM x3500 server

Hi, I have two IBM x3500 servers and I want to backup the configuration of the RAID ...

All my external hard drives died! Should I get a tape backup unit and what do I need to know about it. buying and using tape.

Hi Everyone, I had 6 external hard drives averaging 60 gb, and one by one they have ...

Need Help With Server Spec's

Hi everyone, The names Tim. i am trying to decide on the specs of the server ...

Missing drive

Hi there, Just wondering how a drive can disappear off a computer? When I originally ...
Create new Topic
More from the forum
Samsung

CXO Latest

LED Advisor

Popular Phones & Plans

Powered by WhistleOut

1) Apple iPhone 3GS 16GB35 plans 6%
2) Blackberry Bold 900014 plans 10%
3) Blackberry Curve 85206 plans 12%
4) Samsung F48044 plans 6%
5) Nokia 5800 XpressMusic35 plans 6%
Three iiNet Virgin Mobile Vodafone
« 1 of »
1) Apple mobile phones 15%
2) Blackberry mobile phones 23%
3) Nokia mobile phones 2%
4) Samsung mobile phones 5%
5) LG mobile phones 4%

Compare: Mobiles | Broadband

PC World
 

Colour your world with Samsung

A chance to win with every
Samsung Consumable purchase*