Serv-U MDTM Command Overflow

high Nessus Plugin ID 12080

Synopsis

The remote FTP server is affected by a buffer overflow vulnerability.

Description

The remote host is running Serv-U FTP server.

There is a bug in the way this server handles arguments to MDTM requests. An attacker could use it to trigger a buffer overflow in the server and disable it remotely or potentially execute arbitrary code on the host.

Solution

Upgrade to Serv-U 5.0.0.4 or later.

See Also

https://seclists.org/bugtraq/2004/Feb/646

Plugin Details

Severity: High

ID: 12080

File Name: ftp_servu_mdtm_overflow.nasl

Version: 1.25

Type: remote

Family: FTP

Published: 2/26/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:serv-u:serv-u

Required KB Items: ftp/servu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/25/2004

Vulnerability Publication Date: 2/25/2004

Exploitable With

Metasploit (Serv-U FTPD MDTM Overflow)

Reference Information

CVE: CVE-2004-0330

BID: 9751

Secunia: 10989