Serv-U File Renaming Directory Traversal And 'STOU' DoS Vulnerabilities Network Vulnerability

Summary

The host is running Serv-U FTP Server, which is prone to Directory Traversal and Denial of Service Vulnerabilities. The flaws are due to, - error in handling 'STOU' FTP command. It can exhaust available CPU resources when exploited through a specially crafted argument vaule. - input validation error in the FTP service when renaming files which can be exploited to overwrite or rename files via directory traversal attacks.

Impact

Successful exploitation allows an attacker to write arbitrary files to locations outside of the application's current directory, and deny the service. Impact Level : Application

Solution

Upgrade to RhinoSoft Serv-U FTP Server 10 or later, For updates refer to http://www.serv-u.com/dn.asp

Affected

RhinoSoft Serv-U FTP Server 7.3.0.0 and prior

References

http://secunia.com/advisories/32150/
http://xforce.iss.net/xforce/xfdb/45653

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Foxit Reader Multiple Denial of Service Vulnerabilities - Jun09
Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
Abyss httpd crash
CA kmxfw.sys Code Execution and DoS Vulnerabilities
Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Windows)

Serv-U File Renaming Directory Traversal and 'STOU' DoS Vulnerabilities

Take action and discover your vulnerabilities