Rhinosoft Serv-U FTP Multiple Vulnerabilities Network Vulnerability

Summary

This host is running Serv-U FTP Server and is prone to multiple vulnerabilities.

Impact

Successful exploitation will let the attacker conduct directory traversal attack or can cause denial of service. Impact Level: System/Application

Solution

Upgrade to Rhinosoft Serv-U FTP Server version 10 or later, For updates refer to http://www.serv-u.com

Insight

- Error when processing 'MKD' commands which can be exploited to create directories residing outside a given user's home directory via directory traversal attacks. - Error when handing certain FTP commands, by sending a large number of 'SMNT' commands without an argument causes the application to stop responding.

Affected

Rhinosoft Serv-U FTP Server version 7.4.0.1 or prior.

References

http://www.vupen.com/english/advisories/2009/0738
http://xforce.iss.net/xforce/xfdb/49260

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-0967, CVE-2009-1031

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:N/I:C/A:N

Related Vulnerabilities

FlashGet FTP PWD Response Remote Buffer Overflow Vulnerability
Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Linux)
Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Linux)
Adobe Flash Media Server Memory Corruption Remote Denial of Service Vulnerability
GoodTech SSH Server SFTP Multiple BOF Vulnerabilities

Take action and discover your vulnerabilities