Serv-U.FTP.MDTM.Buffer.Overflow
Description
This indicates a possible exploit of a buffer-overflow vulnerability in the Serv-U FTP software.
The vulnerability is due to the application's failure to sanitize timezone arguments of the MDTM FTP command. An attacker may exploit this and execute arbitrary code on the vulnerable system by sending an MDTM FTP command with an overly long string.
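A detection check for the condition described above, run over FTP control-channel command lines. This is an added example, not the signature's own logic or vendor code. The MDTM argument layout, the two length thresholds, and the names check_command and scan are assumptions, and the sample lines are constructed.

```python
import re

# Assumed layout of the set-time form of MDTM (not given on the page):
#   MDTM <14-digit timestamp><+|-><timezone> <path>
MDTM_SET = re.compile(rb"^MDTM[ \t]+\d{14}[+-](\S*)(?:[ \t]+.*)?$", re.IGNORECASE)
MAX_TZ_LEN = 8      # assumed threshold for the timezone field, in bytes
MAX_LINE_LEN = 512  # assumed ceiling for any single MDTM command line


def check_command(raw: bytes):
    """Return a reason string if the FTP command line looks suspicious, else None."""
    line = raw.strip()
    if not line or line.split(None, 1)[0].upper() != b"MDTM":
        return None
    m = MDTM_SET.match(line)
    if m:
        tz = m.group(1)
        if len(tz) > MAX_TZ_LEN:
            return f"MDTM timezone field is {len(tz)} bytes (limit {MAX_TZ_LEN})"
        if not tz.isdigit():
            return "MDTM timezone field is not numeric"
    if len(line) > MAX_LINE_LEN:
        return f"MDTM command line is {len(line)} bytes (limit {MAX_LINE_LEN})"
    return None


def scan(lines):
    """Return (index, reason) for every flagged line in a control-channel capture."""
    return [(i, r) for i, l in enumerate(lines) if (r := check_command(l))]


# Constructed sample of client commands; the filler is inert padding.
SAMPLE = [
    b"USER alice\r\n",
    b"MDTM /pub/readme.txt\r\n",
    b"MDTM 20040101120000+0100 /pub/readme.txt\r\n",
    b"MDTM 20040101120000+" + b"A" * 300 + b" /pub/readme.txt\r\n",
]

if __name__ == "__main__":
    for idx, reason in scan(SAMPLE):
        print(f"line {idx}: {reason}")
```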
Affected Products
RhinoSoft Serv-U 4.2
RhinoSoft Serv-U 4.1.0.11
RhinoSoft Serv-U 4.1
RhinoSoft Serv-U 4.0.0.4
RhinoSoft Serv-U 3.1
RhinoSoft Serv-U 3.0
Impact
Allows remote authenticated users to execute arbitrary code.
Recommended Actions
Upgrade to Serv-U FTP server 5.0 or a later version, available at http://www.serv-u.com/.
Coverage
IPS (Regular DB)
IPS (Extended DB)