cvelistv5 - cve-2009-2521

cve-2009-2521

Vulnerability from cvelistv5

Published

2009-09-04 10:00

Modified

2024-08-07 05:52

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html	Broken Link
secure@microsoft.com	http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053	Patch, Vendor Advisory
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508	Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:52:14.793Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:6508",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508",
               },
               {
                  name: "975191",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MSKB",
                     "x_transferred",
                  ],
                  url: "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191",
               },
               {
                  name: "TA09-286A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA09-286A.html",
               },
               {
                  name: "MS09-053",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MS",
                     "x_transferred",
                  ],
                  url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053",
               },
               {
                  name: "20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE (\"Stack Exhaustion\")",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-09-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-12T19:57:01",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:6508",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508",
            },
            {
               name: "975191",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MSKB",
               ],
               url: "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191",
            },
            {
               name: "TA09-286A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA09-286A.html",
            },
            {
               name: "MS09-053",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MS",
               ],
               url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053",
            },
            {
               name: "20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE (\"Stack Exhaustion\")",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2009-2521",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "oval:org.mitre.oval:def:6508",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508",
                  },
                  {
                     name: "975191",
                     refsource: "MSKB",
                     url: "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191",
                  },
                  {
                     name: "TA09-286A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA09-286A.html",
                  },
                  {
                     name: "MS09-053",
                     refsource: "MS",
                     url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053",
                  },
                  {
                     name: "20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE (\"Stack Exhaustion\")",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2009-2521",
      datePublished: "2009-09-04T10:00:00",
      dateReserved: "2009-07-17T00:00:00",
      dateUpdated: "2024-08-07T05:52:14.793Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2009-2521\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-09-04T10:30:01.907\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \\\"IIS FTP Service DoS Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de consumo de pila en el Servicio FTP en Internet Information Services (IIS) de Microsoft versiones 5.0 hasta 7.0, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio) por medio de un comando list (ls) -R que contiene un comodín que hace referencia a un subdirectorio, seguido por un .. (punto punto), también se conoce como \\\"IIS FTP Service DoS Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_information_services:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndIncluding\":\"7.0\",\"matchCriteriaId\":\"4ED209E9-04E3-4FDD-947E-8103273FF41D\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-286A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
   },
}

ghsa-w8g4-h8cc-352m

Vulnerability from github

Published

2022-05-02 03:36

Modified

2025-04-09 04:13

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2009-2521",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-400",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2009-09-04T10:30:00Z",
      severity: "MODERATE",
   },
   details: "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\"",
   id: "GHSA-w8g4-h8cc-352m",
   modified: "2025-04-09T04:13:52Z",
   published: "2022-05-02T03:36:05Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2521",
      },
      {
         type: "WEB",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053",
      },
      {
         type: "WEB",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508",
      },
      {
         type: "WEB",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html",
      },
      {
         type: "WEB",
         url: "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191",
      },
      {
         type: "WEB",
         url: "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191",
      },
      {
         type: "WEB",
         url: "http://www.us-cert.gov/cas/techalerts/TA09-286A.html",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

fkie_cve-2009-2521

Vulnerability from fkie_nvd

Published

2009-09-04 10:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html	Broken Link
secure@microsoft.com	http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053	Patch, Vendor Advisory
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508	Third Party Advisory

Impacted products

	Vendor	Product	Version
	microsoft	internet_information_services	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:internet_information_services:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4ED209E9-04E3-4FDD-947E-8103273FF41D",
                     versionEndIncluding: "7.0",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\"",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de consumo de pila en el Servicio FTP en Internet Information Services (IIS) de Microsoft versiones 5.0 hasta 7.0, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del demonio) por medio de un comando list (ls) -R que contiene un comodín que hace referencia a un subdirectorio, seguido por un .. (punto punto), también se conoce como \"IIS FTP Service DoS Vulnerability\".",
      },
   ],
   id: "CVE-2009-2521",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-09-04T10:30:01.907",
   references: [
      {
         source: "secure@microsoft.com",
         tags: [
            "Broken Link",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html",
      },
      {
         source: "secure@microsoft.com",
         url: "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191",
      },
      {
         source: "secure@microsoft.com",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA09-286A.html",
      },
      {
         source: "secure@microsoft.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053",
      },
      {
         source: "secure@microsoft.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA09-286A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability.". The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote attacker to execute arbitrary code on a vulnerable system. An attacker can exploit this issue to terminate the affected application, denying service to legitimate users. This issue affects the following: IIS 5.0 IIS 5.1 IIS 6.0 IIS 7.0 NOTE: Microsoft IIS 7.0 with FTP Service 7.5 is not affected by this issue. Other versions may also be affected. ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

The vulnerability is caused due to an error when processing recursive directory listing requests. This can be exploited to cause a stack overflow and crash the FTP service via a specially crafted request containing wildcard characters (e.g.

Successful exploitation requires that at least one directory is placed under the FTP root.

The vulnerability is confirmed in IIS 5.1 for Windows XP SP3 and in IIS 6.0 for Windows Server 2003, and additionally reported in IIS 5.0 and 7.0.

SOLUTION: Restrict access to trusted users only.

Users of IIS 7.0 can optionally upgrade the FTP service to version 7.5.

Microsoft FTP Service 7.5 for IIS 7.0 (x86): http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b7f5b652-8c5c-447a-88b8-8cfc5c13f571

Microsoft FTP Service 7.5 for IIS 7.0 (x64): http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ffb7c167-279e-48d3-8169-dea85784c4d1

PROVIDED AND/OR DISCOVERED BY: Kingcope

ORIGINAL ADVISORY: Kingcope: http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html

Microsoft: http://www.microsoft.com/technet/security/advisory/975191.mspx

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                National Cyber Alert System

          Technical Cyber Security Alert TA09-286A

Microsoft Updates for Multiple Vulnerabilities

Original release date: Last revised: -- Source: US-CERT

Systems Affected

 * Microsoft Windows and Windows Server
 * Microsoft Internet Explorer
 * Microsoft Office
 * Microsoft .NET Framework
 * Microsoft Silverlight
 * Microsoft SQL Server
 * Microsoft Developer Tools
 * Microsoft Forefront

Overview

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Windows Server, Internet Explorer, Office, .NET Framework, Silverlight, SQL Server, Developer Tools, and Forefront.

I. Description

Microsoft has released multiple security bulletins for critical vulnerabilities in Microsoft Windows and Windows Server, Internet Explorer, Office, .NET Framework, Silverlight, SQL Server, Developer Tools, and Forefront. These bulletins are described in the Microsoft Security Bulletin Summary for October 2009.

II.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for October 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

Microsoft Security Bulletin Summary for October 2009 - http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx
Microsoft Windows Server Update Services - http://technet.microsoft.com/en-us/wsus/default.aspx

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA09-286A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-286A Feedback VU#788021" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2009 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

October 13, 2009: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBStTKrtucaIvSvh1ZAQL82wf+PgEKeQvhJ5HQGJ3S0/VzCP7/PzauiWrW Zm/l1mlzOpp6F81G35xHfnOXJ9pY5/rv5Ez80ME8mQrYi8K0IHiA24mHBXu9vFSk crtGkpGGqvrPRxJbuC+otsy8wtYzAu6fa6np3FF+fGFCvhAuf5kzfEMHR79BNC4A 04Lz7zJvO+7w+y4mt4lbfc7FJnoPm5kIFu3hQV2KmsnATipYUB8gVVqb6mpkCsbR aIbgKdyXFWeLiQVPN3bwUt4yE0FnpWT89eZCANdFtOSHVl2ff3cumR9YB1mHDUbQ 8qomBgx1goC2DlRRcX0EpyJp1+4fLl1pnuHD1Qtt1LTYyZ+sTq566g== =sbjN -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200909-0359",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "iis",
            scope: "eq",
            trust: 1.7,
            vendor: "microsoft",
            version: "7.0",
         },
         {
            model: "iis",
            scope: "eq",
            trust: 1.7,
            vendor: "microsoft",
            version: "6.0",
         },
         {
            model: "iis",
            scope: "eq",
            trust: 1.7,
            vendor: "microsoft",
            version: "5.0",
         },
         {
            model: "iis",
            scope: "eq",
            trust: 1.1,
            vendor: "microsoft",
            version: "5.1",
         },
         {
            model: "internet information services",
            scope: "lte",
            trust: 1,
            vendor: "microsoft",
            version: "7.0",
         },
         {
            model: "internet information services",
            scope: "gte",
            trust: 1,
            vendor: "microsoft",
            version: "5.0",
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "microsoft",
            version: null,
         },
         {
            model: "iis",
            scope: "ne",
            trust: 0.3,
            vendor: "microsoft",
            version: "7.5",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#276653",
         },
         {
            db: "BID",
            id: "36273",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002073",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-069",
         },
         {
            db: "NVD",
            id: "CVE-2009-2521",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:microsoft:iis",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2009-002073",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Nikolaos Rangos",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200909-069",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2009-2521",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "CVE-2009-2521",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "Single",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 4,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2009-2521",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2009-2521",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#276653",
                  trust: 0.8,
                  value: "20.81",
               },
               {
                  author: "NVD",
                  id: "CVE-2009-2521",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200909-069",
                  trust: 0.6,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#276653",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002073",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-069",
         },
         {
            db: "NVD",
            id: "CVE-2009-2521",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\". The Microsoft IIS FTP server contains a stack buffer overflow in the handling of directory names, which may allow a remote attacker to execute arbitrary code on a vulnerable system. \nAn attacker can exploit this issue to terminate the affected application, denying service to legitimate users. \nThis issue affects the following:\nIIS 5.0\nIIS 5.1\nIIS 6.0\nIIS 7.0\nNOTE: Microsoft IIS 7.0 with FTP Service 7.5 is not affected by this issue. Other versions may also be affected. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nThe vulnerability is caused due to an error when processing recursive\ndirectory listing requests. This can be exploited to cause a stack\noverflow and crash the FTP service via a specially crafted request\ncontaining wildcard characters (e.g. \n\nSuccessful exploitation requires that at least one directory is\nplaced under the FTP root. \n\nThe vulnerability is confirmed in IIS 5.1 for Windows XP SP3 and in\nIIS 6.0 for Windows Server 2003, and additionally reported in IIS 5.0\nand 7.0. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nUsers of IIS 7.0 can optionally upgrade the FTP service to version\n7.5. \n\nMicrosoft FTP Service 7.5 for IIS 7.0 (x86):\nhttp://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b7f5b652-8c5c-447a-88b8-8cfc5c13f571\n\nMicrosoft FTP Service 7.5 for IIS 7.0 (x64):\nhttp://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ffb7c167-279e-48d3-8169-dea85784c4d1\n\nPROVIDED AND/OR DISCOVERED BY:\nKingcope\n\nORIGINAL ADVISORY:\nKingcope:\nhttp://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html\n\nMicrosoft:\nhttp://www.microsoft.com/technet/security/advisory/975191.mspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                    National Cyber Alert System\n\n              Technical Cyber Security Alert TA09-286A\n\n\nMicrosoft Updates for Multiple Vulnerabilities\n\n   Original release date: \n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Microsoft Windows and Windows Server\n     * Microsoft Internet Explorer\n     * Microsoft Office\n     * Microsoft .NET Framework\n     * Microsoft Silverlight\n     * Microsoft SQL Server\n     * Microsoft Developer Tools\n     * Microsoft Forefront\n\n\nOverview\n\n   Microsoft has released updates to address vulnerabilities in\n   Microsoft Windows and Windows Server, Internet Explorer, Office,\n   .NET Framework, Silverlight, SQL Server, Developer Tools, and\n   Forefront. \n\n\nI. Description\n\n   Microsoft has released multiple security bulletins for critical\n   vulnerabilities in Microsoft Windows and Windows Server, Internet\n   Explorer, Office, .NET Framework, Silverlight, SQL Server,\n   Developer Tools, and Forefront. These bulletins are described in\n   the Microsoft Security Bulletin Summary for October 2009. \n\n\nII. \n\n\nIII. Solution\n\n   Apply updates from Microsoft\n   \n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for October 2009. The security\n   bulletin describes any known issues related to the updates. \n   Administrators are encouraged to note these issues and test for any\n   potentially adverse effects. Administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). \n\n\nIV. References\n\n * Microsoft Security Bulletin Summary for October 2009 -\n   <http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx>\n\n * Microsoft Windows Server Update Services -\n   <http://technet.microsoft.com/en-us/wsus/default.aspx>\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     <http://www.us-cert.gov/cas/techalerts/TA09-286A.html>\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to <cert@cert.org> with \"TA09-286A Feedback VU#788021\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit <http://www.us-cert.gov/cas/signup.html>. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. \n\n   Terms of use:\n\n     <http://www.us-cert.gov/legal.html>\n ____________________________________________________________________\n\nRevision History\n  \n  October 13, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBStTKrtucaIvSvh1ZAQL82wf+PgEKeQvhJ5HQGJ3S0/VzCP7/PzauiWrW\nZm/l1mlzOpp6F81G35xHfnOXJ9pY5/rv5Ez80ME8mQrYi8K0IHiA24mHBXu9vFSk\ncrtGkpGGqvrPRxJbuC+otsy8wtYzAu6fa6np3FF+fGFCvhAuf5kzfEMHR79BNC4A\n04Lz7zJvO+7w+y4mt4lbfc7FJnoPm5kIFu3hQV2KmsnATipYUB8gVVqb6mpkCsbR\naIbgKdyXFWeLiQVPN3bwUt4yE0FnpWT89eZCANdFtOSHVl2ff3cumR9YB1mHDUbQ\n8qomBgx1goC2DlRRcX0EpyJp1+4fLl1pnuHD1Qtt1LTYyZ+sTq566g==\n=sbjN\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2009-2521",
         },
         {
            db: "CERT/CC",
            id: "VU#276653",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002073",
         },
         {
            db: "BID",
            id: "36273",
         },
         {
            db: "PACKETSTORM",
            id: "80892",
         },
         {
            db: "PACKETSTORM",
            id: "81005",
         },
         {
            db: "PACKETSTORM",
            id: "81977",
         },
      ],
      trust: 2.88,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2009-2521",
            trust: 2.7,
         },
         {
            db: "USCERT",
            id: "TA09-286A",
            trust: 2.5,
         },
         {
            db: "CERT/CC",
            id: "VU#276653",
            trust: 1.7,
         },
         {
            db: "BID",
            id: "36273",
            trust: 1.1,
         },
         {
            db: "EXPLOIT-DB",
            id: "9541",
            trust: 0.9,
         },
         {
            db: "SECUNIA",
            id: "36594",
            trust: 0.9,
         },
         {
            db: "USCERT",
            id: "SA09-286A",
            trust: 0.8,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-2542",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002073",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-069",
            trust: 0.6,
         },
         {
            db: "SECUNIA",
            id: "36443",
            trust: 0.3,
         },
         {
            db: "PACKETSTORM",
            id: "80892",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "81005",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "81977",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#276653",
         },
         {
            db: "BID",
            id: "36273",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002073",
         },
         {
            db: "PACKETSTORM",
            id: "80892",
         },
         {
            db: "PACKETSTORM",
            id: "81005",
         },
         {
            db: "PACKETSTORM",
            id: "81977",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-069",
         },
         {
            db: "NVD",
            id: "CVE-2009-2521",
         },
      ],
   },
   id: "VAR-200909-0359",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 1,
   },
   last_update_date: "2024-11-23T20:17:05.385000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "975191",
            trust: 0.8,
            url: "http://www.microsoft.com/technet/security/advisory/975191.mspx",
         },
         {
            title: "MS09-053",
            trust: 0.8,
            url: "http://www.microsoft.com/technet/security/bulletin/MS09-053.mspx",
         },
         {
            title: "975191",
            trust: 0.8,
            url: "http://www.microsoft.com/japan/technet/security/advisory/975191.mspx",
         },
         {
            title: "MS09-053",
            trust: 0.8,
            url: "http://www.microsoft.com/japan/technet/security/bulletin/ms09-053.mspx",
         },
         {
            title: "MS09-053e",
            trust: 0.8,
            url: "http://www.microsoft.com/japan/security/bulletins/MS09-053e.mspx",
         },
         {
            title: "TA09-286A",
            trust: 0.8,
            url: "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-286a.html",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2009-002073",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-400",
            trust: 1,
         },
         {
            problemtype: "CWE-119",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2009-002073",
         },
         {
            db: "NVD",
            id: "CVE-2009-2521",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "http://www.us-cert.gov/cas/techalerts/ta09-286a.html",
         },
         {
            trust: 1.7,
            url: "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html",
         },
         {
            trust: 1.6,
            url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053",
         },
         {
            trust: 1.6,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6508",
         },
         {
            trust: 1.2,
            url: "http://www.microsoft.com/technet/security/advisory/975191.mspx",
         },
         {
            trust: 1,
            url: "http://support.microsoft.com/default.aspx?scid=kb%3b%5bln%5d%3bq975191",
         },
         {
            trust: 0.9,
            url: "http://milw0rm.com/exploits/9541",
         },
         {
            trust: 0.9,
            url: "http://www.kb.cert.org/vuls/id/276653",
         },
         {
            trust: 0.8,
            url: "http://blog.g-sec.lu/2009/09/iis-5-iis-6-ftp-vulnerability.html",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2521",
         },
         {
            trust: 0.8,
            url: "http://www.ipa.go.jp/security/ciadr/vul/20091014-ms09-053.html",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnta09-286a/",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnvu276653/index.html",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/tr/jvntr-2009-23/",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2521",
         },
         {
            trust: 0.8,
            url: "http://secunia.com/advisories/36594",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/36273",
         },
         {
            trust: 0.8,
            url: "http://www.us-cert.gov/cas/alerts/sa09-286a.html",
         },
         {
            trust: 0.8,
            url: "http://www.vupen.com/english/advisories/2009/2542",
         },
         {
            trust: 0.8,
            url: "http://www.cyberpolice.go.jp/#topics",
         },
         {
            trust: 0.6,
            url: "/archive/1/506256",
         },
         {
            trust: 0.6,
            url: "http://support.microsoft.com/default.aspx?scid=kb;[ln];q975191",
         },
         {
            trust: 0.3,
            url: "http://www.microsoft.com/windowsserver2003/iis/default.mspx",
         },
         {
            trust: 0.3,
            url: "http://blogs.technet.com/msrc/archive/2009/09/01/microsoft-security-advisory-975191-released.aspx",
         },
         {
            trust: 0.3,
            url: "http://blogs.technet.com/msrc/archive/2009/09/03/microsoft-security-advisory-975191-revised.aspx",
         },
         {
            trust: 0.3,
            url: "http://blogs.technet.com/srd/archive/2009/09/01/new-vulnerability-in-iis5-and-iis6.aspx",
         },
         {
            trust: 0.3,
            url: "http://www.microsoft.com/technet/security/bulletin/ms09-053.mspx",
         },
         {
            trust: 0.2,
            url: "http://secunia.com/advisories/secunia_security_advisories/",
         },
         {
            trust: 0.2,
            url: "http://secunia.com/advisories/business_solutions/",
         },
         {
            trust: 0.2,
            url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org",
         },
         {
            trust: 0.2,
            url: "http://secunia.com/advisories/about_secunia_advisories/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/36443/",
         },
         {
            trust: 0.1,
            url: "http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=ffb7c167-279e-48d3-8169-dea85784c4d1",
         },
         {
            trust: 0.1,
            url: "http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=b7f5b652-8c5c-447a-88b8-8cfc5c13f571",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/36594/",
         },
         {
            trust: 0.1,
            url: "http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx>",
         },
         {
            trust: 0.1,
            url: "http://www.us-cert.gov/cas/techalerts/ta09-286a.html>",
         },
         {
            trust: 0.1,
            url: "http://www.us-cert.gov/cas/signup.html>.",
         },
         {
            trust: 0.1,
            url: "http://www.us-cert.gov/legal.html>",
         },
         {
            trust: 0.1,
            url: "http://technet.microsoft.com/en-us/wsus/default.aspx>",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#276653",
         },
         {
            db: "BID",
            id: "36273",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002073",
         },
         {
            db: "PACKETSTORM",
            id: "80892",
         },
         {
            db: "PACKETSTORM",
            id: "81005",
         },
         {
            db: "PACKETSTORM",
            id: "81977",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-069",
         },
         {
            db: "NVD",
            id: "CVE-2009-2521",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CERT/CC",
            id: "VU#276653",
         },
         {
            db: "BID",
            id: "36273",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-002073",
         },
         {
            db: "PACKETSTORM",
            id: "80892",
         },
         {
            db: "PACKETSTORM",
            id: "81005",
         },
         {
            db: "PACKETSTORM",
            id: "81977",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200909-069",
         },
         {
            db: "NVD",
            id: "CVE-2009-2521",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2009-08-31T00:00:00",
            db: "CERT/CC",
            id: "VU#276653",
         },
         {
            date: "2009-09-03T00:00:00",
            db: "BID",
            id: "36273",
         },
         {
            date: "2009-10-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2009-002073",
         },
         {
            date: "2009-09-01T07:26:38",
            db: "PACKETSTORM",
            id: "80892",
         },
         {
            date: "2009-09-04T15:24:55",
            db: "PACKETSTORM",
            id: "81005",
         },
         {
            date: "2009-10-14T18:32:45",
            db: "PACKETSTORM",
            id: "81977",
         },
         {
            date: "2009-09-04T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200909-069",
         },
         {
            date: "2009-09-04T10:30:01.907000",
            db: "NVD",
            id: "CVE-2009-2521",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2009-09-02T00:00:00",
            db: "CERT/CC",
            id: "VU#276653",
         },
         {
            date: "2009-10-13T20:58:00",
            db: "BID",
            id: "36273",
         },
         {
            date: "2009-10-30T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2009-002073",
         },
         {
            date: "2021-08-16T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200909-069",
         },
         {
            date: "2024-11-21T01:05:04.427000",
            db: "NVD",
            id: "CVE-2009-2521",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200909-069",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow",
      sources: [
         {
            db: "CERT/CC",
            id: "VU#276653",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "resource management error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200909-069",
         },
      ],
      trust: 0.6,
   },
}

gsd-2009-2521

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-2521

Aliases

CVE-2009-2521

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2009-2521",
      description: "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\"",
      id: "GSD-2009-2521",
      references: [
         "https://packetstormsecurity.com/files/cve/CVE-2009-2521",
      ],
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2009-2521",
         ],
         details: "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\"",
         id: "GSD-2009-2521",
         modified: "2023-12-13T01:19:46.959748Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "secure@microsoft.com",
            ID: "CVE-2009-2521",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\"",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "oval:org.mitre.oval:def:6508",
                  refsource: "OVAL",
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508",
               },
               {
                  name: "975191",
                  refsource: "MSKB",
                  url: "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191",
               },
               {
                  name: "TA09-286A",
                  refsource: "CERT",
                  url: "http://www.us-cert.gov/cas/techalerts/TA09-286A.html",
               },
               {
                  name: "MS09-053",
                  refsource: "MS",
                  url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053",
               },
               {
                  name: "20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE (\"Stack Exhaustion\")",
                  refsource: "FULLDISC",
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:internet_information_services:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "7.0",
                        versionStartIncluding: "5.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2009-2521",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka \"IIS FTP Service DoS Vulnerability.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-400",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20090903 Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE (\"Stack Exhaustion\")",
                     refsource: "FULLDISC",
                     tags: [
                        "Broken Link",
                     ],
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html",
                  },
                  {
                     name: "TA09-286A",
                     refsource: "CERT",
                     tags: [
                        "Third Party Advisory",
                        "US Government Resource",
                     ],
                     url: "http://www.us-cert.gov/cas/techalerts/TA09-286A.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:6508",
                     refsource: "OVAL",
                     tags: [
                        "Third Party Advisory",
                     ],
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508",
                  },
                  {
                     name: "975191",
                     refsource: "MSKB",
                     tags: [
                        "Patch",
                        "Vendor Advisory",
                     ],
                     url: "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q975191",
                  },
                  {
                     name: "MS09-053",
                     refsource: "MS",
                     tags: [
                        "Patch",
                        "Vendor Advisory",
                     ],
                     url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               acInsufInfo: false,
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               exploitabilityScore: 10,
               impactScore: 2.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "MEDIUM",
               userInteractionRequired: false,
            },
         },
         lastModifiedDate: "2020-11-23T19:50Z",
         publishedDate: "2009-09-04T10:30Z",
      },
   },
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2009-2521

Vulnerability from cvelistv5

ghsa-w8g4-h8cc-352m

Vulnerability from github

fkie_cve-2009-2521

Vulnerability from fkie_nvd

var-200909-0359

Vulnerability from variot

gsd-2009-2521

Vulnerability from gsd

Tags

Sightings

Nomenclature