Intrusion Prevention

Serv-U.FTP.Server.RNTO.Directory.Traversal

Description

This indicates an attempt to exploit a directory traversal vulnerability in the Rhino Software Serv-U FTP Server.
The vulnerability is caused by an error that occurs when the vulnerable software handles a malformed RNTO command. It allows a remote attacker to write arbitrary files to any location on the vulnerable server.

Affected Products

RhinoSoft Serv-U 7.2 1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Update to version 7.3.0.1:
http://www.serv-u.com/customer/record.asp?prod=su.

CVE References

CVE-2008-4501