Specially-Malformed FTP Requests May Create Denial of Service

ID: Q188348

The information in this article applies to:

Microsoft Internet Information Server versions 3.0, 4.0

SYMPTOMS

Specially-malformed FTP requests may create a Denial of Service in the FTP service, which causes Internet Information Server (IIS) to stop responding and generate an Access Violation error message.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual software update. For information on obtaining the latest service pack, please go to:

http://www.microsoft.com/windows/servicepacks/

Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack

For information on obtaining the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp

NOTE: If this product was already installed on your computer when you purchased it from the Original Equipment Manufacturer (OEM) and you need this fix, please call the Pay Per Incident number listed on the above Web site. If you contact Microsoft to obtain this fix, and if it is determined that you only require the fix you requested, no fee will be charged. However, if you request additional technical support, and if your no-charge technical support period has expired, or if you are not eligible for standard no-charge technical support, you may be charged a non-refundable fee.

For more information about eligibility for no-charge technical support, see the following article in the Microsoft Knowledge Base:

Q154871 Determining If You Are Eligible for No-Charge Technical Support

IIS 4.0

The IIS 4.0 version of this hotfix must be installed over Windows NT 4.0 SP4. It has been posted to the following Internet location as Ftpls4i.exe (x86) and Ftpls4a.exe (Alpha):

ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/ftpls-fix/

IIS 3.0

The IIS 3.0 version of this hotfix must be installed over Windows NT 4.0 SP4. It has been posted to the following Internet location as Ftpls3i.exe (x86) and Ftpls3a.exe (Alpha):

ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/ftpls-fix/

NOTE: If you contact Microsoft to obtain this fix, a fee may be charged. This fee is refundable if it is determined that you only require the fix you requested. However, this fee is non-refundable if you request additional technical support, if your no-charge technical support period has expired, or if you are not eligible for standard no-charge technical support.

For more information about eligibility for no-charge technical support, see the following article in the Microsoft Knowledge Base:

Q154871
Determining If Your Product Is Eligible for No-Charge Technical Support

STATUS

Microsoft has confirmed this to be a problem in Internet Information Server versions 3.0 and 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 5.

Additional query words: IIS hotfix hot fix qfe quick engineering patch

Keywords : nt4sp5fix
Version : winnt:3.0,4.0
Platform : winnt
Issue type : kbbug