News
Vigil@nce - IIS FTP: two vulnerabilities
November 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use two vulnerabilities of the FTP service of IIS,
in order to obtain information.
Impacted products: IIS, Windows 2008, Windows 7, Windows Vista
Severity: 2/4
Creation date: 14/11/2012
DESCRIPTION OF THE VULNERABILITY
The IIS product provides a FTP service. However, two
vulnerabilities impact this service.
A local attacker can read the log file, in order to discover
passwords of users of the FTP service. [severity:2/4; BID-56439,
CVE-2012-2531]
When the FTP server rejects the anonymous authentication, and uses
TLS, an attacker can send some FTP commands, in order to obtain
information. [severity:2/4; BID-56440, CVE-2012-2532]
An attacker can therefore use two vulnerabilities of the FTP
service of IIS, in order to obtain information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IIS-FTP-two-vulnerabilities-12143
