Contents tagged with FTP
-
FTP recursive list after applying MS09-053
We recently released fixes for the publicly disclosed FTP vulnerabilities. One of the after-effects of applying this update will be that recursive list commands to IIS FTP 5.x, 6.0 will return the non-recursive listing. To make it clear, this feature does not exist on IIS FTP 7.x either, and that is why I did not include those versions in the previous statement. For those that will miss this feature, there is a workaround on Robert McMurray’s blog.
-
Fixes released for FTP vulnerabilities
Microsoft has released security bulletin MS09-053 that will address the FTP vulnerabilities that were publicly disclosed a couple of weeks ago. The information in this bulletin supercedes the previous advisory.
-
[Updated] IIS FTP server vulnerabilities for FTP 5.x and FTP 6
There have been two recently publicly disclosed vulnerabilities for FTP 5, FTP 5.1 and FTP 6. Wade has gone through great detail to explain what platforms are affected by each vulnerability in his blog post. Microsoft has released and refreshed an advisory that covers the details, mitigations and workarounds for the vulnerability. The Microsoft Security Research and Defense team has a blog about the exploit details for the original vulnerability. Here is the summary including both vulnerabilities:
-
Updated advisory for FTP Vulnerability on IIS
The public exposure of another vulnerability in the FTP stack has caused a revision in the Microsoft advisory. Please refer the advisory @ http://www.microsoft.com/technet/security/advisory/975191.mspx to get updated information on exposure and impact of vulnerabilities. I have previously discussed this information in an earlier blog post and have updated this post as well. Microsoft Security Response Center (MSRC) has a revised blog as well.