Microsoft IIS FTP NO ACCESS 读取/删除 文件漏洞

漏洞信息详情

Microsoft IIS FTP NO ACCESS 读取/删除 文件漏洞

• CNNVD编号：CNNVD-199909-041
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-0777
  
• 漏洞类型：
  
  
  权限许可和访问控制
  
• 发布时间：
  
  1999-09-23
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-12
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  This information w…

IIS FTP服务器中存在漏洞，远程攻击者利用该漏洞读取或者删除服务器中的文件，即使他们有“拒绝访问”权限。

Microsoft has released a hotfix for this vulnerability. This hotfix was too late to be included in NT 4.0 SP6 (as yet unreleased), so it has been released as an IIS Post -SP6 hotfix for IIS and a fix for CIS. The patches can be found at
IIS 4.0:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/IIS40/hotfixes-postSP6/security/IPRFTP-fix/
MCIS 2.5:
ftp://ftp.microsoft.com/bussys/mcis/mcis-public/fixes/usa/mcis25/security/ftpsvc-fix/
Microsoft states there are no negative ramifications to applying this hotfix to SP4 or SP5 hosts who have not installed the previously referenced FTP hotfix.
The hotfix designed to correct this problem was not released in time for the upcoming NT 4.0 Service Pack 6. Service Pack 6 contains the “buggy” hotfix and will be vulnerable to this error when it is released. It will be necessary to install this hotfix after installing Service Pack 6, regardless of whether or not the Service Pack 5 installation was vulnerable.

来源: BID
名称: 658
链接:http://www.securityfocus.com/bid/658

来源: MS
名称: MS99-039
链接:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp

来源: MSKB
名称: Q242559
链接:http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q242559

来源: MSKB
名称: Q241407
链接:http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q241407