Remote Buffer Overflow in Serv-U FTP Server

Reported January 26, 2004 by Qianwei Hu.


VERSIONS AFFECTED

  • Serv-U FTP Server, versions 4.1.0.7 and 4.1.0.11

DESCRIPTION

Serv-U FTP Server is vulnerable to a remote buffer overflow in the CHMOD command processor. An attacker who can log in to the server can inject shellcode into it, thereby launching a remote command shell service on the desired port.

VENDOR RESPONSE

The vendor, Rhinosoft.com, is aware of the problem.

CREDIT

Discovered by [email protected].
