VID: 16066
Severity: 40
Port: 21
Protocol: TCP
Class: FTP
Detailed Description: The Serv-U FTP server, according to its version number, has a buffer overflow vulnerability in the MDTM command.
RhinoSoft Serv-U FTP is an FTP server for Microsoft Windows operating systems. Serv-U FTP versions prior to 4.3 are vulnerable to a stack-based buffer overflow caused by improper handling of arguments to MDTM requests. If an excessively long filename is specified for the command, an internal buffer is overrun, resulting in a failure of the FTP server.
A remote, authenticated attacker can supply an MDTM command with a specially crafted file name to overflow a buffer and execute arbitrary code on the affected system with the server's privileges.

* Note: This check relies solely on the version number of the remote FTP server to assess this vulnerability, so the result may be a false positive.

* References:
http://www.securityfocus.com/archive/1/355376

* Platforms Affected:
Windows Any version
Rhino Software, Inc. Serv-U FTP Server prior to 4.3
Recommendation: Upgrade to the latest version of Serv-U (5.0 or later), available from the Serv-U Web site at http://www.serv-u.com/
Related URL: CVE-2004-0330 (CVE)
Related URL: 9751 (SecurityFocus)
Related URL: 15323 (ISS)