IIS FTP RNTO Overwrites Existing Files (161067)


The information in this article applies to:

  • Microsoft Internet Information Server 1.0
  • Microsoft Internet Information Server 2.0
  • Microsoft Internet Information Server 3.0
  • Microsoft Internet Information Server 4.0
This article was previously published under Q161067
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

SYMPTOMS

In the FTP Service included with Internet Information Server (IIS) versions 1.0 and 2.0, if you have write permissions you can overwrite an existing file with the FTP RNTO command.

NOTE: This issue will also occur on the Microsoft FTP Server Service in Windows NT version 3.1 through version 3.51.

WORKAROUND

Create an automated process to copy existing FTP upload files to a separate directory that is not available to the FTP client. This would eliminate the overwriting of existing files through the FTP clients' use of the FTP RNTO command.

STATUS

Microsoft has confirmed this to be a problem in Microsoft Internet Information Server.

Modification Type:MinorLast Reviewed:6/23/2005
Keywords:kbbug kbpending KB161067
©2004 Microsoft Corporation. All rights reserved.