Via US CERT -
Microsoft Internet Information Services (IIS) FTP Service Vulnerability
US-CERT is aware of a public report of a vulnerability affecting the Microsoft Internet Information Services (IIS) FTP service. This vulnerability may allow a remote attacker to execute arbitrary code.
US-CERT encourages administrators to disable anonymous write access to the FTP server to help mitigate the vulnerability, although a proper impact analysis should be performed prior to taking defensive measures.
US-CERT will provide additional information as it becomes available.
---------------------------
Exploit posted on Milw0rm by Kingcope - http://www.milw0rm.com/exploits/9541
HD Moore is working to add the exploit to the Metasploit Framework as well.
Emerging Threats have released a signature for the milw0rm IIS-FTP
exploit. It's available in the signature tarballs and a history is available in CVS.
No comments:
Post a Comment