Reported January 26, 2004 by Qianwei Hu.
VERSIONS AFFECTED
-
Serv-U FTP Server, version 4.1.0.7 and 4.1.0.11
DESCRIPTION
Serv-U FTP Server is vulnerable to a remote buffer overflow exploit in the CHMOD command processor. An attacker can login to the server and inject shell code to the server, thereby launching a remove command shell service on the desire port.
VENDOR RESPONSE
The vendor, Rhinosoft.com, is aware of the problem.
CREDIT
Discovered by [email protected].
2 comments
Hide comments