Friday, September 4, 2009

MS IIS FTPD DoS ZER0DAY

Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE

There is a DoS vulnerability in the globbing functionality of IIS FTPD.
Anonymous users can exploit this if they have read access to a directory!!!
Normal users can exploit this too if they can read a directory.

Example session where the anonymous user has read access to the folder "pub":

See:http://archives.free.net.ph

No comments: