|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
The Serv-U FTP server is vulnerable to a remote buffer overflow attack when processing a long time zone argument to the MDTM command. This command is only available to authenticated users (including anonymous) and may be exploited to execute arbitrary code with the privileges of the FTP service. This service often runs with administrative privileges and successful exploitation may result in a loss of confidentiality, integrity, and/or availability.
|
|
Classification |
Location:
Local Access Required,
Remote/Network Access Required
Attack Type:
Input Manipulation,
Other
Impact:
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 5.0.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Serv-U
 |
3.0.0.16 |
3.0.0.17 |
3.1.0.0 |
3.1.0.1 |
3.1.0.3 |
4.0.0.4 |
4.1.0.0 |
4.1.0.3 |
5.0.0.0 |
|
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
