Vulnerability CVE-2009-3023 - CERT Civis.Net

Vulnerability Name:

CVE-2009-3023 (CCN-52915)

Assigned:

2009-08-31

Published:

2009-08-31

Updated:

2021-02-05

Summary:

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."

CVSS v3 Severity:

9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.5 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.5 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-3023

Source: CCN
Type: SA36443
Microsoft Internet Information Services FTP Server NLST Buffer Overflow

Source: MSKB
Type: Patch, Vendor Advisory
975191

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
9541

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
9559

Source: CCN
Type: Microsoft IIS Web site
The Official Microsoft IIS Site

Source: CCN
Type: IBM Internet Security Systems Protection Alert
Microsoft Internet Information Services FTP Remote Code Execution

Source: CCN
Type: US-CERT VU#276653
Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#276653

Source: CCN
Type: Microsoft Security Bulletin MS09-053
Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)

Source: BID
Type: Exploit, Third Party Advisory, VDB Entry
36189

Source: CCN
Type: BID-36189
Microsoft IIS FTPd NLST Remote Buffer Overflow Vulnerability

Source: CERT
Type: Third Party Advisory, US Government Resource
TA09-286A

Source: VUPEN
Type: Third Party Advisory
ADV-2009-2481

Source: MS
Type: Patch, Vendor Advisory
MS09-053

Source: XF
Type: UNKNOWN
iis-ftp-bo(52915)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:6080

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [07-03-2011]

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:internet_information_server:*:*:*:*:*:*:*:* (Version >= 5.0 and <= 6.0)

AND

cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*

OR cpe:/o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Configuration 2:

cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_vista:-:*:*:*:*:*:-:*

OR cpe:/o:microsoft:windows_vista:-:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:-:*

OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:-:*:x64:*

OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:-:*:x64:*

Configuration CCN 1:

cpe:/a:microsoft:internet_information_server:6.0:beta:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_information_server:5.0:*:*:*:far_east:*:*:*

OR cpe:/a:microsoft:internet_information_services:5.1:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:r2:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:x64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:6080	V	IIS FTP Service RCE and DoS Vulnerability	2011-10-31