Serv-U 7.x < Multiple Remote Vulnerabilities (DoS, Traversal)

This script is Copyright (C) 2008-2011 Tenable Network Security, Inc.

Synopsis :

The remote FTP server is affected by several vulnerabilities.

Description :

The installed version of Serv-U 7.x is earlier than and thus
is reportedly affected by the following issues :

- An authenticated, remote attacker can cause the service
to consume all CPU time on the remote host by
specifying a Windows port (eg, 'CON:') when using the
STOU command provided he has write access to a

- An authenticated, remote attacker can overwrite or create
arbitrary files via a directory traversal attack in the
RNTO command.

- An authenticated, remote attacker may be able to upload a
file to the current Windows directory with rename by
placing the destination in '\' (ie, 'My Computer').

Solution :

Upgrade to Serv-U version or later.

Risk factor :

High / CVSS Base Score : 9.0
CVSS Temporal Score : 8.5
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 34398

Bugtraq ID: 31556

CVE ID: CVE-2008-4500