Serv-U < 9.4.0.0

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by multiple vulnerabilities.

Description :

According to its banner, the installed version of Serv-U is earlier
than 9.4.0.0, and is, therefore, potentially affected by the following
issues :

- When importing users, restricted administrators could
create user accounts outside their home directory.

- When exporting users, restricted administrators could
see the full path of a user's home directory, virtual
paths, and directory access rules.

- A restricted domain administrator could create a user
or group that was not locked in the user's home
directory.

- A denial of service issue when handling a large number
of concurrent HTTP requests.

See also :

http://www.serv-u.com/releasenotes/

Solution :

Upgrade to Serv-U version 9.4.0.0 or later.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 45140

Bugtraq ID: 38923

CVE ID: