Vous êtes ici: index » cert » avis

Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés

Date : Wed, 14 Nov 2012 13:29:49 +0100
Type : VULN
Sujet : CERT-Renater : 2012/VULN464 (Microsoft : Moderate Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure)
===================================================================
                             CERT-Renater

                  Note d'Information No. 2012/VULN464
____________________________________________________________________

DATE                :  14/11/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Microsoft FTP Service version
                     7.0 for IIS 7.0, 7.5 for IIS 7.0, 7.5 for IIS 7.5,
                      Microsoft IIS version 7.5.

======================================================================
KB2733829
http://technet.microsoft.com/en-us/security/bulletin/ms12-073 	
______________________________________________________________________

Microsoft Security Bulletin MS12-073 - Moderate Vulnerabilities in
Microsoft Internet Information Services (IIS) Could Allow Information
Disclosure (2733829)


Published Date: November 13, 2012

Version: 1.0


General Information


Executive Summary

This security update resolves one publicly disclosed vulnerability and
one privately reported vulnerability in Microsoft Internet Information
Services (IIS). The more severe vulnerability could allow information
disclosure if an attacker sent specially crafted FTP commands to the
server.

This security update is rated Moderate for IIS 7.0 on all supported
editions of Windows Vista and Windows Server 2008, and IIS 7.5 on all
supported editions of Windows Vista, Windows Server 2008, Windows 7,
and Windows Server 2008 R2.


Affected Software

Microsoft FTP Service 7.0 for IIS 7.0
Microsoft FTP Service 7.5 for IIS 7.0
Internet Information Services 7.5
Microsoft FTP Service 7.5 for IIS 7.5


Vulnerability Information


Password Disclosure Vulnerability - CVE-2012-2531

An information disclosure vulnerability exists when Microsoft Internet
Information Services (IIS) fails to properly protect log files.


FTP Command Injection Vulnerability - CVE-2012-2532

An information disclosure vulnerability exists in the way that
Microsoft Internet Information Services (IIS) FTP Service negotiates
encrypted communications channels.

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================

[An attachment of type application/pkcs7-signature was included here]