icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Serv-U < 9.4.0.0 Multiple Vulnerabilities

High

Synopsis

The remote FTP server is vulnerable to multiple attack vectors.

Description

The remote host is running Serv-U File Server, an FTP server for Windows. According to its banner, the installed version of Serv-U is earlier than 9.4.0.0, and is therefore potentially affected by the following issues :

- When importing users, restricted administrators could create user accounts outside their home directory.

- When exporting users, restricted administrators could see a user's full path for home directory, virtual paths, and directory access rules.

- A restricted domain administrator could create a user or group that was not locked in the user's home directory.

- A denial of service issue when handling a large number of concurrent HTTP requests.

Solution

Upgrade to Serv-U version 9.4.0.0 or later.