ID CVE-2009-2521
Summary Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."
References
Vulnerable Configurations
  • Microsoft IIS 5.0
    cpe:2.3:a:microsoft:iis:5.0
  • Microsoft Internet Information Services (IIS) 6.0
    cpe:2.3:a:microsoft:iis:6.0
  • Microsoft Internet Information Services (IIS) 7.0
    cpe:2.3:a:microsoft:iis:7.0
CVSS
Base: 2.6 (as of 04-09-2009 - 10:28)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
  • description Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS (MS09-053). CVE-2009-2521. Dos exploit for windows platform
    id EDB-ID:17476
    last seen 2016-02-02
    modified 2011-07-03
    published 2011-07-03
    reporter Myo Soe
    source https://www.exploit-db.com/download/17476/
    title Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS MS09-053
  • description Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service. CVE-2009-2521. Dos exploit for windows platform
    id EDB-ID:9587
    last seen 2016-02-01
    modified 2009-09-04
    published 2009-09-04
    reporter kingcope
    source https://www.exploit-db.com/download/9587/
    title Microsoft IIS 5.0/6.0 FTP Server Stack Exhaustion Denial of Service
metasploit via4
description This module triggers Denial of Service condition in the Microsoft Internet Information Services (IIS) FTP Server 5.0 through 7.0 via a list (ls) -R command containing a wildcard. For this exploit to work in most cases, you need 1) a valid ftp account: either read-only or write-access account 2) the "FTP Publishing" must be configured as "manual" mode in startup type 3) there must be at least one directory under FTP root directory. If your provided an FTP account has write-access privilege and there is no single directory, a new directory with random name will be created prior to sending exploit payload.
id MSF:AUXILIARY/DOS/WINDOWS/FTP/IIS_LIST_EXHAUSTION
last seen 2019-03-28
modified 2017-07-24
published 2011-11-26
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/ftp/iis_list_exhaustion.rb
title Microsoft IIS FTP Server LIST Stack Exhaustion
msbulletin via4
bulletin_id MS09-053
bulletin_url
date 2009-10-13T00:00:00
impact Remote Code Execution
knowledgebase_id 975254
knowledgebase_url
severity Important
title Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS09-053.NASL
description The remote host has a version of IIS whose FTP service is affected by one or both of the following vulnerabilities : - By sending specially crafted list commands to the remote Microsoft FTP service, an attacker is able to cause the service to become unresponsive. (CVE-2009-2521) - A flaw in the way the installed Microsoft FTP service in IIS handles list commands can be exploited to execute remote commands in the context of the LocalSystem account with IIS 5.0 under Windows 2000 or to cause the FTP server to stop and become unresponsive with IIS 5.1 under Windows XP or IIS 6.0 under Windows 2003. (CVE-2009-3023)
last seen 2019-02-21
modified 2018-11-15
plugin id 42109
published 2009-10-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=42109
title MS09-053: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
oval via4
accepted 2014-08-18T04:06:14.592-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name J. Daniel Brown
    organization DTCC
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Microsoft IIS 5.0 is installed
    oval oval:org.mitre.oval:def:731
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft IIS 5.1 is installed
    oval oval:org.mitre.oval:def:460
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft IIS 5.1 is installed
    oval oval:org.mitre.oval:def:460
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft IIS 6.0 is installed
    oval oval:org.mitre.oval:def:227
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft IIS 7.0 is installed
    oval oval:org.mitre.oval:def:5377
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft IIS 7.0 is installed
    oval oval:org.mitre.oval:def:5377
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft IIS 7.0 is installed
    oval oval:org.mitre.oval:def:5377
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft IIS 7.0 is installed
    oval oval:org.mitre.oval:def:5377
description Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."
family windows
id oval:org.mitre.oval:def:6508
status accepted
submitted 2009-10-13T13:00:00
title IIS FTP Service DoS Vulnerability
version 41
packetstorm via4
data source https://packetstormsecurity.com/files/download/102750/msiisftp-dos.rb.txt
id PACKETSTORM:102750
last seen 2016-12-05
published 2011-07-03
reporter Kingcope
source https://packetstormsecurity.com/files/102750/Microsoft-IIS-FTP-Server-7.0-Stack-Exhaustion.html
title Microsoft IIS FTP Server 7.0 Stack Exhaustion
refmap via4
cert TA09-286A
fulldisc 20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE ("Stack Exhaustion")
ms MS09-053
mskb 975191
Last major update 24-06-2011 - 00:00
Published 04-09-2009 - 06:30
Last modified 12-10-2018 - 17:52
Back to Top