Rhinosoft Serv-U FTP Multiple Vulnerabilities Network Vulnerability

Summary

This host is running Serv-U FTP Server and is prone to multiple vulnerabilities.

Impact

Successful exploitation will let the attacker conduct directory traversal attack or can cause denial of service. Impact Level: System/Application

Solution

Upgrade to Rhinosoft Serv-U FTP Server version 10 or later, For updates refer to http://www.serv-u.com

Insight

- Error when processing 'MKD' commands which can be exploited to create directories residing outside a given user's home directory via directory traversal attacks. - Error when handing certain FTP commands, by sending a large number of 'SMNT' commands without an argument causes the application to stop responding.

Affected

Rhinosoft Serv-U FTP Server version 7.4.0.1 or prior.

References

http://www.vupen.com/english/advisories/2009/0738
http://xforce.iss.net/xforce/xfdb/49260

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-0967, CVE-2009-1031
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:C/A:N

Related Vulnerabilities

FlashGet FTP PWD Response Remote Buffer Overflow Vulnerability
Abyss httpd crash
ClamAV Multiple Vulnerabilities (Linux)
Active Perl Denial of Service Vulnerability (Windows)
Check for RealServer DoS

Take action and discover your vulnerabilities