RE: plugging old IIS FTP holes

From: Lee Evans (lee_at_vital.co.uk)
Date: 07/21/03

    To: "'Douglas Schlenker'" <Douglas.Schlenker@RoyalRoads.ca>, <focus-ms@securityfocus.com>
    Date: Mon, 21 Jul 2003 15:10:42 +0100
    
    

    Note the nessus information:

    " *** Warning : we could not verify this vulnerability.
      *** Nessus solely relied on the banner of this server"

    The patch in question is superseded by / included in SP3. You don't need to
    apply the separate patch; you are already protected against the
    vulnerability.

    If you want to stop nessus reporting this, use the Internet Services Manager
    to change the banner of the FTP service.

    Regards
    Lee

    -- 
    Lee Evans
    http://www.leevans.org
    > -----Original Message-----
    > From: Douglas Schlenker [mailto:Douglas.Schlenker@RoyalRoads.ca] 
    > Sent: 19 July 2003 00:02
    > To: focus-ms@securityfocus.com
    > Subject: plugging old IIS FTP holes
    > 
    > 
    > Hi there,
    > 
    > I just finished running a Nessus scan against a new server 
    > I'm bringing up. One of the "high" risk factor warnings I 
    > received was this:
    > 
    > It may be possible to make the remote FTP server crash
    > by sending the command 'STAT *?AAA...AAA'.
    > An attacker may use this flaw to prevent your site from 
    > distributing files
    > *** Warning : we could not verify this vulnerability.
    > *** Nessus solely relied on the banner of this server
    > Solution : Apply the relevant hotfix from Microsoft 
    > See:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
    > 
    > I went to Microsoft's website and downloaded the appropriate 
    > patch. When I went to install it, the installation failed 
    > because the patch will not install on a server that has a 
    > newer Service Pack than SP2. 
    > 
    > Any ideas how I can fix this hole without applying the patch? 
    > (Or, is there an alternate patch for SP3 users?)
    > 
    > Sincerely,
    > 
    > Douglas Schlenker
    > 
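A small triage helper illustrating the point of Lee's reply (an added example, not code from this thread, from Nessus or from Microsoft): it parses the IIS FTP 220 greeting that a banner-only check keys on and classifies the finding against the host's real service pack level instead. The sample greetings and the SUPERSEDED_BY_SP table are constructed for illustration; the only entry reflects what the reply states about MS02-018 and SP3.

```python
"""Triage a banner-only scanner finding against an FTP greeting.

Added example. Banner strings and the SUPERSEDED_BY_SP table are constructed;
the real patch state of a host must be confirmed on the host itself
(installed service pack / hotfix), never from the greeting line alone.
"""
import re

# 220 greeting as sent by Microsoft's IIS FTP service. The version number is
# all a banner-based scanner check has to go on, which is why it cannot tell
# an unpatched host from one whose service pack already contains the fix.
BANNER_RE = re.compile(
    r"^220[ -].*?Microsoft FTP Service \(Version (\d+\.\d+)\)", re.I
)

# Constructed table: bulletin -> lowest service pack that includes its fix.
# MS02-018 is the bulletin named in the thread; SP3 including it is Lee's statement.
SUPERSEDED_BY_SP = {"MS02-018": 3}


def parse_banner(greeting: str):
    """Return the IIS FTP version string from a 220 greeting, or None."""
    m = BANNER_RE.search(greeting.strip())
    return m.group(1) if m else None


def triage(greeting: str, bulletin: str, installed_sp: int) -> str:
    """Classify a banner-based finding given the host's actual service pack.

    'not-iis'        greeting is not the Microsoft FTP banner; check does not apply
    'false-positive' the installed service pack already delivers the fix
    'verify'         banner matches and the SP does not cover it; check the host
    """
    if parse_banner(greeting) is None:
        return "not-iis"
    needed = SUPERSEDED_BY_SP.get(bulletin)
    if needed is not None and installed_sp >= needed:
        return "false-positive"
    return "verify"


if __name__ == "__main__":
    # Constructed sample greetings: stock IIS 5.0, a banner changed via
    # Internet Services Manager as the reply suggests, and a non-IIS server.
    samples = [
        "220 srv01 Microsoft FTP Service (Version 5.0).",
        "220 srv01 FTP service ready.",
        "220 (vsFTPd 2.0.1)",
    ]
    for g in samples:
        print(repr(g), "->", triage(g, "MS02-018", installed_sp=3))
```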
