COMMAND

    IIS (ftp)

SYSTEMS AFFECTED

    Win NT with MS IIS 4.0

PROBLEM

    Marcos Guillen found the following.  If a site is running the IIS
    4.0 FTP server with more than 100 different FTP virtual directories
    or virtual sites, a Denial of Service attack can easily be performed
    by sending more than 10 simultaneous PUT or DELETE FTP commands
    against a public FTP directory.  After a few minutes, the FTP server
    starts responding with a "426 Connection closed; transfer aborted"
    error for ALL public or private FTP virtual directories and sites on
    that machine, making it unavailable to any user, including
    Administrators.  Only a complete IIS 4.0 stop and restart will
    solve the problem.

    Furthermore, if a legitimate user tries to replace files on the
    server after the attack has been performed, the files will be locked
    and overwritten with a 0 Kb file with the same name as the old one
    the user was trying to replace.  This will produce a "File contains
    no data" error in any browser trying to display that file from the
    IIS 4.0 Web Service.  The file will remain locked even from a local
    Administrator Windows NT Explorer console, until a complete IIS
    4.0 stop and restart is performed.
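
    Both symptoms above leave traces in FTP logs.  The following log
    check is an added example, not part of the original advisory: it
    flags a client issuing more than 10 write commands in a short burst
    and 426 replies appearing on several virtual sites at once.  The log
    layout, sample lines, function names and every threshold other than
    "more than 10" are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in a simplified, assumed layout (not a real server format):
#   time  client-ip  virtual-site  command  path  reply-code
def sample_log():
    # One client sends 12 STOR commands to a public directory within 2 seconds.
    lines = [f"10:00:{i // 6:02d} 192.0.2.50 site001 STOR /pub/f{i}.bin 226"
             for i in range(12)]
    lines.append("10:00:30 198.51.100.7 site002 RETR /docs/a.txt 226")
    # Minutes later, unrelated users on different virtual sites all receive 426.
    for i, site in enumerate(["site002", "site017", "site101", "site044"]):
        lines.append(f"10:04:{i * 5:02d} 198.51.100.{i + 7} {site} RETR /index.htm 426")
    return lines

def parse(line):
    t, ip, site, cmd, path, code = line.split()
    return datetime.strptime(t, "%H:%M:%S"), ip, site, cmd.upper(), path, int(code)

def analyse(lines, burst=10, burst_secs=5, sites_426=3, window_secs=60):
    """Return (clients with a write burst, times a multi-site 426 condition was seen)."""
    writes = defaultdict(deque)   # client ip -> timestamps of recent STOR/DELE
    recent_426 = deque()          # (timestamp, site) of recent 426 replies
    bursters, outages = set(), []
    for ts, ip, site, cmd, _path, code in map(parse, lines):
        # Client-side PUT and DELETE arrive at the server as STOR and DELE.
        if cmd in ("STOR", "DELE"):
            q = writes[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > burst_secs:
                q.popleft()
            if len(q) > burst:    # "more than 10", as stated in the advisory
                bursters.add(ip)
        if code == 426:
            recent_426.append((ts, site))
            while (ts - recent_426[0][0]).total_seconds() > window_secs:
                recent_426.popleft()
            # 426 on several distinct sites at once matches the server-wide symptom.
            if len({s for _, s in recent_426}) >= sites_426:
                outages.append(ts.strftime("%H:%M:%S"))
    return bursters, outages

if __name__ == "__main__":
    clients, times = analyse(sample_log())
    print("write-burst clients:", sorted(clients))
    print("multi-site 426 seen at:", times)
```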

SOLUTION

    Nothing yet.