Serv-U < 8.0.0.1 Multiple Vulnerabilities (DoS, Traversal)

medium Nessus Plugin ID 36035

Synopsis

The remote FTP server is affected by multiple vulnerabilities.

Description

The installed version of Serv-U is earlier than 8.0.0.1 and thus is reportedly affected by the following issues:

- A directory traversal vulnerability enables an authenticated, remote attacker to create directories outside his or her home directory. (CVE-2009-1031)

- An authenticated, remote attacker can saturate the FTP service for a long period of time by sending a long series of 'SMNT' commands without an argument. During this time, new connections would not be allowed. (CVE-2009-0967)
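
A defender-side check for the 'SMNT' condition described above, as an added example that is not part of the Nessus plugin or of Serv-U: it scans an FTP command log for sessions that send a series of 'SMNT' commands without an argument. The log layout, the threshold and the time window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in an assumed layout: "<ISO time> <session> <client IP> <FTP command>".
SAMPLE_LOG = """
2009-03-27T10:00:00 s1 192.0.2.10 USER alice
2009-03-27T10:00:01 s1 192.0.2.10 PASS ****
2009-03-27T10:00:02 s1 192.0.2.10 SMNT
2009-03-27T10:00:03 s1 192.0.2.10 SMNT
2009-03-27T10:00:03 s2 192.0.2.20 SMNT /pub
2009-03-27T10:00:04 s1 192.0.2.10 SMNT
2009-03-27T10:00:05 s1 192.0.2.10 SMNT
2009-03-27T10:00:06 s1 192.0.2.10 SMNT
2009-03-27T10:00:07 s2 192.0.2.20 SMNT
2009-03-27T10:00:40 s2 192.0.2.20 SMNT
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")

def find_smnt_bursts(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {session: (client_ip, time)} for sessions that send at least
    `threshold` argument-less SMNT commands within `window` (assumed values)."""
    recent = defaultdict(deque)    # session -> timestamps of recent bare SMNTs
    flagged = {}
    for line in lines:             # lines are expected in chronological order
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # blank or unparseable line
        ts_text, session, ip, command = m.groups()
        verb, _, arg = command.partition(" ")
        if verb.upper() != "SMNT" or arg.strip():
            continue               # only SMNT with no argument is of interest
        try:
            ts = datetime.fromisoformat(ts_text)
        except ValueError:
            continue               # skip lines with a malformed timestamp
        q = recent[session]
        q.append(ts)
        while ts - q[0] > window:  # drop entries that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(session, (ip, ts))  # keep the first crossing
    return flagged

if __name__ == "__main__":
    for session, (ip, ts) in find_smnt_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"session {session} from {ip}: SMNT burst at {ts.isoformat()}")
```
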

Solution

Upgrade to Serv-U version 8.0.0.1 or later.

See Also

https://support.solarwinds.com/Success_Center/Serv-U_Managed_File_Transfer_Serv-U_FTP_Server/Serv-U_Documentation/release_notes

Plugin Details

Severity: Medium

ID: 36035

File Name: servu_8_0_0_1.nasl

Version: 1.19

Type: remote

Family: FTP

Published: 3/27/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:serv-u:serv-u

Required KB Items: ftp/servu

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2009-0967, CVE-2009-1031

BID: 34125, 34127

CWE: 22, 399

SECUNIA: 34329