RE: plugging old IIS FTP holes
From: Stuart (secmail_at_patchsupplier.dyndns.org)
Date: 07/21/03
- Previous message: Lee Evans: "RE: plugging old IIS FTP holes"
- In reply to: Lee Evans: "RE: plugging old IIS FTP holes"
- Next in thread: Stuart: "RE: plugging old IIS FTP holes"
To: <focus-ms@securityfocus.com>
Date: Mon, 21 Jul 2003 15:20:00 +0100
Has anyone been successful in removing the "Microsoft FTP Service" part
of the banner? Or does anyone know of a way to do this?
Thanks
Stu
-----Original Message-----
From: Lee Evans [mailto:lee@vital.co.uk]
Sent: 21 July 2003 15:11
To: 'Douglas Schlenker'; focus-ms@securityfocus.com
Subject: RE: plugging old IIS FTP holes
Note the nessus information:
" *** Warning : we could not verify this vulnerability.
*** Nessus solely relied on the banner of this server"
The patch in question is superseded by / included in SP3. You don't need to
apply the separate patch, you are already protected against the
vulnerability.
If you want to stop nessus reporting this, use the Internet Services Manager
to change the banner of the FTP service.
Regards
Lee
--
Lee Evans
http://www.leevans.org

> -----Original Message-----
> From: Douglas Schlenker [mailto:Douglas.Schlenker@RoyalRoads.ca]
> Sent: 19 July 2003 00:02
> To: focus-ms@securityfocus.com
> Subject: plugging old IIS FTP holes
>
> Hi there,
>
> I just finished running a Nessus scan against a new server
> I'm bringing up. One of the "high" risk factor warnings I
> received was this:
>
> It may be possible to make the remote FTP server crash
> by sending the command 'STAT *?AAA...AAA.
> An attacker may use this flaw to prevent your site from
> distributing files
> *** Warning : we could not verify this vulnerability.
> *** Nessus solely relied on the banner of this server
> Solution : Apply the relevant hotfix from Microsoft
> See:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
>
> I went to Microsoft's website and downloaded the appropriate
> patch. When I went to install it, the installation failed
> because the patch will not install on a server that has a
> newer Service Pack than SP2.
>
> Any ideas how I can fix this hole without applying the patch?
> (Or, is there an alternate patch for SP3 users?)
>
> Sincerely,
>
> Douglas Schlenker
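The triage described in this thread, as an added example that is not part of the original messages and is not Nessus code: it separates banner-only findings from the rest and checks the cited bulletin against the installed service pack. The `triage` function, the `FIXED_IN_SP` map, the blank-line report layout and the second sample finding are assumptions made for illustration; the marker text and the MS02-018/SP3 relationship come from the messages above.

```python
import re

# Marker text quoted in the thread; printed when a check only read the banner.
BANNER_ONLY = "Nessus solely relied on the banner"
# Assumption for this example: bulletin -> first service pack that includes the fix.
# The single entry reflects what the thread states (MS02-018 is included in SP3).
FIXED_IN_SP = {"ms02-018": 3}

BULLETIN_RE = re.compile(r"/bulletin/(ms\d{2}-\d{3})\.asp", re.IGNORECASE)


def triage(report_text, installed_sp):
    """Return one verdict dict per finding in a plain-text report.

    Findings are assumed to be separated by blank lines (constructed layout).
    """
    results = []
    for block in re.split(r"\n\s*\n", report_text.strip()):
        match = BULLETIN_RE.search(block)
        bulletin = match.group(1).lower() if match else None
        banner_only = BANNER_ONLY in block
        fixed_sp = FIXED_IN_SP.get(bulletin)
        if banner_only and fixed_sp is not None and installed_sp >= fixed_sp:
            verdict = "likely false positive: fix included in installed service pack"
        elif banner_only:
            verdict = "unverified: confirm patch level on the host"
        else:
            verdict = "not flagged as banner-only: treat as open"
        results.append({"bulletin": bulletin, "banner_only": banner_only,
                        "verdict": verdict})
    return results


# Constructed sample: the first finding reuses text quoted in the thread,
# the second is a made-up finding without the banner-only warning.
SAMPLE = """\
It may be possible to make the remote FTP server crash
*** Warning : we could not verify this vulnerability.
*** Nessus solely relied on the banner of this server
Solution : Apply the relevant hotfix from Microsoft
See:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp

Constructed finding: anonymous FTP login is enabled
Solution : disable anonymous access if it is not needed
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE, installed_sp=3):
        print(finding)
```

With `installed_sp=2` the same finding stays "unverified", which matches the case where the separate hotfix would still be needed.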