cvelistv5 - CVE-2009-2521

CVE-2009-2521 (GCVE-0-2009-2521)

Vulnerability from cvelistv5

Published

2009-09-04 10:00

Modified

2024-08-07 05:52

Severity ?

CWE

Summary

References

URL

Tags

secure@microsoft.com	http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html	Broken Link
secure@microsoft.com	http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053	Patch, Vendor Advisory
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508	Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.793Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:6508",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508"
          },
          {
            "name": "975191",
            "tags": [
              "vendor-advisory",
              "x_refsource_MSKB",
              "x_transferred"
            ],
            "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191"
          },
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-053",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
          },
          {
            "name": "20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE (\"Stack Exhaustion\")",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:6508",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508"
        },
        {
          "name": "975191",
          "tags": [
            "vendor-advisory",
            "x_refsource_MSKB"
          ],
          "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191"
        },
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-053",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
        },
        {
          "name": "20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE (\"Stack Exhaustion\")",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2521",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:6508",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508"
            },
            {
              "name": "975191",
              "refsource": "MSKB",
              "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-053",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
            },
            {
              "name": "20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE (\"Stack Exhaustion\")",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2521",
    "datePublished": "2009-09-04T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-2521\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-09-04T10:30:01.907\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \\\"IIS FTP Service DoS Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de consumo de pila en el Servicio FTP en Internet Information Services (IIS) de Microsoft versiones 5.0 hasta 7.0, permite a los usuarios autenticados remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de un comando list (ls) -R que contiene un comod\u00edn que hace referencia a un subdirectorio, seguido por un .. (punto punto), tambi\u00e9n se conoce como \\\"IIS FTP Service DoS Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_information_services:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndIncluding\":\"7.0\",\"matchCriteriaId\":\"4ED209E9-04E3-4FDD-947E-8103273FF41D\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

fkie_cve-2009-2521

Vulnerability from fkie_nvd

Published

2009-09-04 10:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html	Broken Link
secure@microsoft.com	http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053	Patch, Vendor Advisory
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508	Third Party Advisory

Impacted products

	Vendor	Product	Version
	microsoft	internet_information_services	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_information_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ED209E9-04E3-4FDD-947E-8103273FF41D",
              "versionEndIncluding": "7.0",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de consumo de pila en el Servicio FTP en Internet Information Services (IIS) de Microsoft versiones 5.0 hasta 7.0, permite a los usuarios autenticados remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) por medio de un comando list (ls) -R que contiene un comod\u00edn que hace referencia a un subdirectorio, seguido por un .. (punto punto), tambi\u00e9n se conoce como \"IIS FTP Service DoS Vulnerability\"."
    }
  ],
  "id": "CVE-2009-2521",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-04T10:30:01.907",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2009-AVI-433

Vulnerability from certfr_avis

Deux vulnérabilités présentes dans le serveur FTP de Microsoft IIS permettent à un utilisateur distant de provoquer un déni de service ou d'exécuter du code arbitraire.

Description

Une vulnérabilité (CVE-2009-3023), de type débordement de mémoire, est présente dans le serveur FTP de Microsoft IIS. Elle permet à un utilisateur distant malintentionné de provoquer un déni de service sur les versions 5.1 et 6.0 et 7.0 ou d'exécuter du code arbitraire sur la version 5.0 du serveur vulnérable. Pour exploiter cette faille, l'attaquant doit disposer d'un compte ayant les droits d'écriture sur le serveur afin d'y créer des répertoires particuliers.

La deuxième vulnérabilité (CVE-2009-2521) est due à une saturation des ressources de la pile. Elle permet à une personne malintentionnée authentifiée de provoquer un déni de service au moyen d'une commande spécifique.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Internet Information Services (IIS) 6.0 (FTP Service 6.0) ;
Microsoft	N/A	Microsoft Internet Information Services (IIS) 5.0 (FTP Service 5.0) ;
Microsoft	N/A	Microsoft Internet Information Services (IIS) 7.0 (FTP Service 7.0).
Microsoft	N/A	Microsoft Internet Information Services (IIS) 5.1 (FTP Service 5.1) ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-053 du 13 octobre 2009	None	vendor-advisory
Document du CERTA CERTA-2009-ALE-015 du 01 septembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Information Services (IIS) 6.0 (FTP Service 6.0) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Information Services (IIS) 5.0 (FTP Service 5.0) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Information Services (IIS) 7.0 (FTP Service 7.0).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Information Services (IIS) 5.1 (FTP Service 5.1) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 (CVE-2009-3023), de type d\u00e9bordement de m\u00e9moire, est\npr\u00e9sente dans le serveur FTP de Microsoft IIS. Elle permet \u00e0 un\nutilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni de service sur\nles versions 5.1 et 6.0 et 7.0 ou d\u0027ex\u00e9cuter du code arbitraire sur la\nversion 5.0 du serveur vuln\u00e9rable. Pour exploiter cette faille,\nl\u0027attaquant doit disposer d\u0027un compte ayant les droits d\u0027\u00e9criture sur le\nserveur afin d\u0027y cr\u00e9er des r\u00e9pertoires particuliers.\n\nLa deuxi\u00e8me vuln\u00e9rabilit\u00e9 (CVE-2009-2521) est due \u00e0 une saturation des\nressources de la pile. Elle permet \u00e0 une personne malintentionn\u00e9e\nauthentifi\u00e9e de provoquer un d\u00e9ni de service au moyen d\u0027une commande\nsp\u00e9cifique.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3023"
    },
    {
      "name": "CVE-2009-2521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2521"
    }
  ],
  "initial_release_date": "2009-10-14T00:00:00",
  "last_revision_date": "2009-10-14T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2009-ALE-015 du 01 septembre 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-015/index.html"
    }
  ],
  "reference": "CERTA-2009-AVI-433",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-10-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans le serveur FTP de \u003cspan\nclass=\"textit\"\u003eMicrosoft IIS\u003c/span\u003e permettent \u00e0 un utilisateur distant\nde provoquer un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9s du serveur FTP de Microsoft IIS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-053 du 13 octobre 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-053.mspx"
    }
  ]
}

CERTA-2009-ALE-015

Vulnerability from certfr_alerte

Deux vulnérabilités présentes dans le serveur FTP de Microsoft IIS permettent à un utilisateur distant de provoquer un déni de service ou d'exécuter du code arbitraire.

Description

Pour exploiter cette faille, l'attaquant doit disposer d'un compte ayant les droits d'écriture sur le serveur afin d'y créer des répertoires particuliers.

La deuxième vulnérabilité (CVE-2009-2521), due à une saturation des ressources de la pile, permet à une personne malintentionnée authentifiée de provoquer un déni de service au moyen d'une commande spécifique.

Du code permettant l'exploitation de ces vulnérabilités est disponible sur l'Internet.

Contournement provisoire

Pour la première vulnérabilité :

Désactiver le support de l'écriture de fichiers dans la configuration du serveur FTP de Microsoft IIS pour les utilisateurs non identifiés (compte anonymous) ;
supprimer la permission NTFS de créer des répertoires pour les utilisateurs du service ;

Pour les deux vulnérabilités :

restreindre l'accès du serveur FTP aux seules personnes de confiance ;
désactiver le service FTP si ce dernier n'est pas nécessaire ;
utiliser un serveur FTP alternatif.

Les utilisateurs de Microsoft Internet Information Services 7.0 peuvent également mettre à jour le service FTP en version 7.5.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Internet Information Services (IIS) 5.0 (FTP Service 5.0) ;
Microsoft Internet Information Services (IIS) 5.1 (FTP Service 5.1) ;
Microsoft Internet Information Services (IIS) 6.0 (FTP Service 6.0) ;
Microsoft Internet Information Services (IIS) 7.0 (FTP Service 7.0).

Microsoft IIS 7.5 n'est pas affecté. Les utilisateurs de Microsoft IIS 7.0 avec FTP Service 7.5 ne sont pas affectés.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité VU#276653 de l'US-CERT	None	vendor-advisory
Bulletin de sécurité Microsoft 975191 du 01 septembre 2009 :	-	other
Bulletin de sécurité Microsoft MS09-053 du 13 octobre 2009 :	-	other
Document du CERTA CERTA-2009-AVI-433 du 14 octobre 2009 :	-	other
Note de vulnérabilité de l'US-CERT VU#276653 du 31 août 2009 :	-	other
Bulletin de sécurité Microsoft MS09-053 du 13 octobre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003e\u003cSPAN class=\"textit\"\u003eMicrosoft Internet Information    Services\u003c/SPAN\u003e (IIS) 5.0 (FTP Service 5.0) ;\u003c/LI\u003e    \u003cLI\u003e\u003cSPAN class=\"textit\"\u003eMicrosoft Internet Information    Services\u003c/SPAN\u003e (IIS) 5.1 (FTP Service 5.1) ;\u003c/LI\u003e    \u003cLI\u003e\u003cSPAN class=\"textit\"\u003eMicrosoft Internet Information    Services\u003c/SPAN\u003e (IIS) 6.0 (FTP Service 6.0) ;\u003c/LI\u003e    \u003cLI\u003e\u003cSPAN class=\"textit\"\u003eMicrosoft Internet Information    Services\u003c/SPAN\u003e (IIS) 7.0 (FTP Service 7.0).\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003e\u003cSPAN class=\"textit\"\u003eMicrosoft IIS\u003c/SPAN\u003e 7.5 n\u0027est pas  affect\u00e9. Les utilisateurs de \u003cSPAN class=\"textit\"\u003eMicrosoft  IIS\u003c/SPAN\u003e 7.0 avec FTP Service 7.5 ne sont pas affect\u00e9s.\u003c/P\u003e",
  "closed_at": "2009-10-14",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 (CVE-2009-3023), de type d\u00e9bordement de m\u00e9moire, est\npr\u00e9sente dans le serveur FTP de Microsoft IIS. Elle permet \u00e0 un\nutilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni de service sur\nles versions 5.1 et 6.0 et 7.0 ou d\u0027ex\u00e9cuter du code arbitraire sur la\nversion 5.0 du serveur vuln\u00e9rable.\n\nPour exploiter cette faille, l\u0027attaquant doit disposer d\u0027un compte ayant\nles droits d\u0027\u00e9criture sur le serveur afin d\u0027y cr\u00e9er des r\u00e9pertoires\nparticuliers.\n\nLa deuxi\u00e8me vuln\u00e9rabilit\u00e9 (CVE-2009-2521), due \u00e0 une saturation des\nressources de la pile, permet \u00e0 une personne malintentionn\u00e9e\nauthentifi\u00e9e de provoquer un d\u00e9ni de service au moyen d\u0027une commande\nsp\u00e9cifique.\n\nDu code permettant l\u0027exploitation de ces vuln\u00e9rabilit\u00e9s est disponible\nsur l\u0027Internet.\n\n## Contournement provisoire\n\nPour la premi\u00e8re vuln\u00e9rabilit\u00e9 :\n\n-   D\u00e9sactiver le support de l\u0027\u00e9criture de fichiers dans la\n    configuration du serveur FTP de Microsoft IIS pour les utilisateurs\n    non identifi\u00e9s (compte anonymous) ;\n-   supprimer la permission NTFS de cr\u00e9er des r\u00e9pertoires pour les\n    utilisateurs du service ;\n\nPour les deux vuln\u00e9rabilit\u00e9s :\n\n-   restreindre l\u0027acc\u00e8s du serveur FTP aux seules personnes de confiance\n    ;\n-   d\u00e9sactiver le service FTP si ce dernier n\u0027est pas n\u00e9cessaire ;\n-   utiliser un serveur FTP alternatif.\n\nLes utilisateurs de Microsoft Internet Information Services 7.0 peuvent\n\u00e9galement mettre \u00e0 jour le service FTP en version 7.5.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2521"
    },
    {
      "name": "CVE-2009-3023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3023"
    }
  ],
  "initial_release_date": "2009-09-01T00:00:00",
  "last_revision_date": "2009-10-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft 975191 du 01 septembre 2009    :",
      "url": "http://www.microsoft.com/technet/security/advisory/975191.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-053 du 13 octobre 2009    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-053.mspx"
    },
    {
      "title": "Document du CERTA CERTA-2009-AVI-433 du 14 octobre 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-433/index.html"
    },
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#276653 du 31 ao\u00fbt    2009 :",
      "url": "http://www.kb.cert.org/vuls/id/276653"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-053 du 13 octobre 2009    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-053.mspx"
    }
  ],
  "reference": "CERTA-2009-ALE-015",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-01T00:00:00.000000"
    },
    {
      "description": "mise \u00e0 jour des contournements provisoires, ajout des r\u00e9f\u00e9rences au bulletin Microsoft et au CVE.",
      "revision_date": "2009-09-02T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence CVE-2009-2521, ajout de IIS 7.0 dans la liste des produits vuln\u00e9rables.",
      "revision_date": "2009-09-04T00:00:00.000000"
    },
    {
      "description": "mise \u00e0 jour des produits affect\u00e9s, de la description des vuln\u00e9rabilit\u00e9s et ajout d\u0027un contournement provisoire.",
      "revision_date": "2009-09-07T00:00:00.000000"
    },
    {
      "description": "ajout de la solution et des r\u00e9f\u00e9rences correspondantes.",
      "revision_date": "2009-10-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans le serveur FTP de \u003cspan\nclass=\"textit\"\u003eMicrosoft IIS\u003c/span\u003e permettent \u00e0 un utilisateur distant\nde provoquer un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9s du serveur FTP de Microsoft IIS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VU#276653 de l\u0027US-CERT",
      "url": null
    }
  ]
}

ghsa-w8g4-h8cc-352m

Vulnerability from github

Published

2022-05-02 03:36

Modified

2025-04-09 04:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-2521"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-09-04T10:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\"",
  "id": "GHSA-w8g4-h8cc-352m",
  "modified": "2025-04-09T04:13:52Z",
  "published": "2022-05-02T03:36:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2521"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html"
    },
    {
      "type": "WEB",
      "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191"
    },
    {
      "type": "WEB",
      "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2009-2521

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-2521

Aliases

CVE-2009-2521

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-2521",
    "description": "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\"",
    "id": "GSD-2009-2521",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2009-2521"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-2521"
      ],
      "details": "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\"",
      "id": "GSD-2009-2521",
      "modified": "2023-12-13T01:19:46.959748Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-2521",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:6508",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508"
          },
          {
            "name": "975191",
            "refsource": "MSKB",
            "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191"
          },
          {
            "name": "TA09-286A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-053",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
          },
          {
            "name": "20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE (\"Stack Exhaustion\")",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_information_services:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0",
                "versionStartIncluding": "5.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2521"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE (\"Stack Exhaustion\")",
              "refsource": "FULLDISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6508",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508"
            },
            {
              "name": "975191",
              "refsource": "MSKB",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191"
            },
            {
              "name": "MS09-053",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-11-23T19:50Z",
      "publishedDate": "2009-09-04T10:30Z"
    }
  }
}

var-200909-0359

Vulnerability from variot

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability.". The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker can exploit this issue to terminate the affected application, denying service to legitimate users. This issue affects the following: IIS 5.0 IIS 5.1 IIS 6.0 IIS 7.0 NOTE: Microsoft IIS 7.0 with FTP Service 7.5 is not affected by this issue. Other versions may also be affected. ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

The vulnerability is caused due to an error when processing recursive directory listing requests. This can be exploited to cause a stack overflow and crash the FTP service via a specially crafted request containing wildcard characters (e.g.

Successful exploitation requires that at least one directory is placed under the FTP root.

The vulnerability is confirmed in IIS 5.1 for Windows XP SP3 and in IIS 6.0 for Windows Server 2003, and additionally reported in IIS 5.0 and 7.0.

SOLUTION: Restrict access to trusted users only.

Users of IIS 7.0 can optionally upgrade the FTP service to version 7.5.

Microsoft FTP Service 7.5 for IIS 7.0 (x86): http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b7f5b652-8c5c-447a-88b8-8cfc5c13f571

Microsoft FTP Service 7.5 for IIS 7.0 (x64): http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ffb7c167-279e-48d3-8169-dea85784c4d1

PROVIDED AND/OR DISCOVERED BY: Kingcope

ORIGINAL ADVISORY: Kingcope: http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html

Microsoft: http://www.microsoft.com/technet/security/advisory/975191.mspx

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                National Cyber Alert System

          Technical Cyber Security Alert TA09-286A

Microsoft Updates for Multiple Vulnerabilities

Original release date: Last revised: -- Source: US-CERT

Systems Affected

 * Microsoft Windows and Windows Server
 * Microsoft Internet Explorer
 * Microsoft Office
 * Microsoft .NET Framework
 * Microsoft Silverlight
 * Microsoft SQL Server
 * Microsoft Developer Tools
 * Microsoft Forefront

Overview

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Windows Server, Internet Explorer, Office, .NET Framework, Silverlight, SQL Server, Developer Tools, and Forefront.

I. Description

Microsoft has released multiple security bulletins for critical vulnerabilities in Microsoft Windows and Windows Server, Internet Explorer, Office, .NET Framework, Silverlight, SQL Server, Developer Tools, and Forefront. These bulletins are described in the Microsoft Security Bulletin Summary for October 2009.

II.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for October 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

Microsoft Security Bulletin Summary for October 2009 - http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx
Microsoft Windows Server Update Services - http://technet.microsoft.com/en-us/wsus/default.aspx

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA09-286A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-286A Feedback VU#788021" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2009 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

October 13, 2009: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBStTKrtucaIvSvh1ZAQL82wf+PgEKeQvhJ5HQGJ3S0/VzCP7/PzauiWrW Zm/l1mlzOpp6F81G35xHfnOXJ9pY5/rv5Ez80ME8mQrYi8K0IHiA24mHBXu9vFSk crtGkpGGqvrPRxJbuC+otsy8wtYzAu6fa6np3FF+fGFCvhAuf5kzfEMHR79BNC4A 04Lz7zJvO+7w+y4mt4lbfc7FJnoPm5kIFu3hQV2KmsnATipYUB8gVVqb6mpkCsbR aIbgKdyXFWeLiQVPN3bwUt4yE0FnpWT89eZCANdFtOSHVl2ff3cumR9YB1mHDUbQ 8qomBgx1goC2DlRRcX0EpyJp1+4fLl1pnuHD1Qtt1LTYyZ+sTq566g== =sbjN -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200909-0359",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "microsoft",
        "version": "7.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "5.1"
      },
      {
        "model": "internet information services",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "7.0"
      },
      {
        "model": "internet information services",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "iis",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "db": "BID",
        "id": "36273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-069"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2521"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:iis",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002073"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nikolaos Rangos",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-069"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-2521",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2009-2521",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2009-2521",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-2521",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#276653",
            "trust": 0.8,
            "value": "20.81"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-2521",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200909-069",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-069"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2521"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\". The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote attacker to execute arbitrary code on a vulnerable system. \nAn attacker can exploit this issue to terminate the affected application, denying service to legitimate users. \nThis issue affects the following:\nIIS 5.0\nIIS 5.1\nIIS 6.0\nIIS 7.0\nNOTE: Microsoft IIS 7.0 with FTP Service 7.5 is not affected by this issue. Other versions may also be affected. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nThe vulnerability is caused due to an error when processing recursive\ndirectory listing requests. This can be exploited to cause a stack\noverflow and crash the FTP service via a specially crafted request\ncontaining wildcard characters (e.g. \n\nSuccessful exploitation requires that at least one directory is\nplaced under the FTP root. \n\nThe vulnerability is confirmed in IIS 5.1 for Windows XP SP3 and in\nIIS 6.0 for Windows Server 2003, and additionally reported in IIS 5.0\nand 7.0. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nUsers of IIS 7.0 can optionally upgrade the FTP service to version\n7.5. \n\nMicrosoft FTP Service 7.5 for IIS 7.0 (x86):\nhttp://www.microsoft.com/downloads/details.aspx?displaylang=en\u0026FamilyID=b7f5b652-8c5c-447a-88b8-8cfc5c13f571\n\nMicrosoft FTP Service 7.5 for IIS 7.0 (x64):\nhttp://www.microsoft.com/downloads/details.aspx?displaylang=en\u0026FamilyID=ffb7c167-279e-48d3-8169-dea85784c4d1\n\nPROVIDED AND/OR DISCOVERED BY:\nKingcope\n\nORIGINAL ADVISORY:\nKingcope:\nhttp://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html\n\nMicrosoft:\nhttp://www.microsoft.com/technet/security/advisory/975191.mspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                    National Cyber Alert System\n\n              Technical Cyber Security Alert TA09-286A\n\n\nMicrosoft Updates for Multiple Vulnerabilities\n\n   Original release date: \n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Microsoft Windows and Windows Server\n     * Microsoft Internet Explorer\n     * Microsoft Office\n     * Microsoft .NET Framework\n     * Microsoft Silverlight\n     * Microsoft SQL Server\n     * Microsoft Developer Tools\n     * Microsoft Forefront\n\n\nOverview\n\n   Microsoft has released updates to address vulnerabilities in\n   Microsoft Windows and Windows Server, Internet Explorer, Office,\n   .NET Framework, Silverlight, SQL Server, Developer Tools, and\n   Forefront. \n\n\nI. Description\n\n   Microsoft has released multiple security bulletins for critical\n   vulnerabilities in Microsoft Windows and Windows Server, Internet\n   Explorer, Office, .NET Framework, Silverlight, SQL Server,\n   Developer Tools, and Forefront. These bulletins are described in\n   the Microsoft Security Bulletin Summary for October 2009. \n\n\nII. \n\n\nIII. Solution\n\n   Apply updates from Microsoft\n   \n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for October 2009. The security\n   bulletin describes any known issues related to the updates. \n   Administrators are encouraged to note these issues and test for any\n   potentially adverse effects. Administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). \n\n\nIV. References\n\n * Microsoft Security Bulletin Summary for October 2009 -\n   \u003chttp://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx\u003e\n\n * Microsoft Windows Server Update Services -\n   \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA09-286A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA09-286A Feedback VU#788021\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n  \n  October 13, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBStTKrtucaIvSvh1ZAQL82wf+PgEKeQvhJ5HQGJ3S0/VzCP7/PzauiWrW\nZm/l1mlzOpp6F81G35xHfnOXJ9pY5/rv5Ez80ME8mQrYi8K0IHiA24mHBXu9vFSk\ncrtGkpGGqvrPRxJbuC+otsy8wtYzAu6fa6np3FF+fGFCvhAuf5kzfEMHR79BNC4A\n04Lz7zJvO+7w+y4mt4lbfc7FJnoPm5kIFu3hQV2KmsnATipYUB8gVVqb6mpkCsbR\naIbgKdyXFWeLiQVPN3bwUt4yE0FnpWT89eZCANdFtOSHVl2ff3cumR9YB1mHDUbQ\n8qomBgx1goC2DlRRcX0EpyJp1+4fLl1pnuHD1Qtt1LTYyZ+sTq566g==\n=sbjN\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-2521"
      },
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002073"
      },
      {
        "db": "BID",
        "id": "36273"
      },
      {
        "db": "PACKETSTORM",
        "id": "80892"
      },
      {
        "db": "PACKETSTORM",
        "id": "81005"
      },
      {
        "db": "PACKETSTORM",
        "id": "81977"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-2521",
        "trust": 2.7
      },
      {
        "db": "USCERT",
        "id": "TA09-286A",
        "trust": 2.5
      },
      {
        "db": "CERT/CC",
        "id": "VU#276653",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "36273",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "9541",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "36594",
        "trust": 0.9
      },
      {
        "db": "USCERT",
        "id": "SA09-286A",
        "trust": 0.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-2542",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002073",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-069",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "36443",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "80892",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81005",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81977",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "db": "BID",
        "id": "36273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002073"
      },
      {
        "db": "PACKETSTORM",
        "id": "80892"
      },
      {
        "db": "PACKETSTORM",
        "id": "81005"
      },
      {
        "db": "PACKETSTORM",
        "id": "81977"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-069"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2521"
      }
    ]
  },
  "id": "VAR-200909-0359",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2024-11-23T20:17:05.385000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "975191",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/advisory/975191.mspx"
      },
      {
        "title": "MS09-053",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx"
      },
      {
        "title": "975191",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/advisory/975191.mspx"
      },
      {
        "title": "MS09-053",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms09-053.mspx"
      },
      {
        "title": "MS09-053e",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/security/bulletins/MS09-053e.mspx"
      },
      {
        "title": "TA09-286A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-286a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002073"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002073"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2521"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-286a.html"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html"
      },
      {
        "trust": 1.6,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053"
      },
      {
        "trust": 1.6,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6508"
      },
      {
        "trust": 1.2,
        "url": "http://www.microsoft.com/technet/security/advisory/975191.mspx"
      },
      {
        "trust": 1.0,
        "url": "http://support.microsoft.com/default.aspx?scid=kb%3b%5bln%5d%3bq975191"
      },
      {
        "trust": 0.9,
        "url": "http://milw0rm.com/exploits/9541"
      },
      {
        "trust": 0.9,
        "url": "http://www.kb.cert.org/vuls/id/276653"
      },
      {
        "trust": 0.8,
        "url": "http://blog.g-sec.lu/2009/09/iis-5-iis-6-ftp-vulnerability.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2521"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/ciadr/vul/20091014-ms09-053.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta09-286a/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu276653/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/jvntr-2009-23/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2521"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/36594"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/36273"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa09-286a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2009/2542"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/#topics"
      },
      {
        "trust": 0.6,
        "url": "/archive/1/506256"
      },
      {
        "trust": 0.6,
        "url": "http://support.microsoft.com/default.aspx?scid=kb;[ln];q975191"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/windowsserver2003/iis/default.mspx"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/msrc/archive/2009/09/01/microsoft-security-advisory-975191-released.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/msrc/archive/2009/09/03/microsoft-security-advisory-975191-revised.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/srd/archive/2009/09/01/new-vulnerability-in-iis5-and-iis6.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms09-053.mspx"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/36443/"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?displaylang=en\u0026familyid=ffb7c167-279e-48d3-8169-dea85784c4d1"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?displaylang=en\u0026familyid=b7f5b652-8c5c-447a-88b8-8cfc5c13f571"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/36594/"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-286a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "db": "BID",
        "id": "36273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002073"
      },
      {
        "db": "PACKETSTORM",
        "id": "80892"
      },
      {
        "db": "PACKETSTORM",
        "id": "81005"
      },
      {
        "db": "PACKETSTORM",
        "id": "81977"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-069"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2521"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "db": "BID",
        "id": "36273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002073"
      },
      {
        "db": "PACKETSTORM",
        "id": "80892"
      },
      {
        "db": "PACKETSTORM",
        "id": "81005"
      },
      {
        "db": "PACKETSTORM",
        "id": "81977"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-069"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2521"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-08-31T00:00:00",
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "date": "2009-09-03T00:00:00",
        "db": "BID",
        "id": "36273"
      },
      {
        "date": "2009-10-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002073"
      },
      {
        "date": "2009-09-01T07:26:38",
        "db": "PACKETSTORM",
        "id": "80892"
      },
      {
        "date": "2009-09-04T15:24:55",
        "db": "PACKETSTORM",
        "id": "81005"
      },
      {
        "date": "2009-10-14T18:32:45",
        "db": "PACKETSTORM",
        "id": "81977"
      },
      {
        "date": "2009-09-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200909-069"
      },
      {
        "date": "2009-09-04T10:30:01.907000",
        "db": "NVD",
        "id": "CVE-2009-2521"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-02T00:00:00",
        "db": "CERT/CC",
        "id": "VU#276653"
      },
      {
        "date": "2009-10-13T20:58:00",
        "db": "BID",
        "id": "36273"
      },
      {
        "date": "2009-10-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002073"
      },
      {
        "date": "2021-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200909-069"
      },
      {
        "date": "2024-11-21T01:05:04.427000",
        "db": "NVD",
        "id": "CVE-2009-2521"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-069"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#276653"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200909-069"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-2521 (GCVE-0-2009-2521)

Vulnerability from cvelistv5

fkie_cve-2009-2521

Vulnerability from fkie_nvd

CERTA-2009-AVI-433

Vulnerability from certfr_avis

Description

Solution

CERTA-2009-ALE-015

Vulnerability from certfr_alerte

Description

Contournement provisoire

Solution

ghsa-w8g4-h8cc-352m

Vulnerability from github

gsd-2009-2521

Vulnerability from gsd

var-200909-0359

Vulnerability from variot

Tags

Sightings

Nomenclature