Serv-U SITE CHMOD Command Multiple Vulnerabilities
High Nessus Plugin ID 12037
SynopsisThe remote FTP server is affected by a buffer overflow vulnerability.
DescriptionThe remote host is running Serv-U FTP Server.
There is a bug in the way the server handles arguments to the SITE CHMOD requests that could allow an attacker to trigger a buffer overflow or corrupt memory in the server and disable it remotely or to potentially execute arbitrary code on the host.
Note that successful exploitation requires access to a writable directory and will result in code running with Administrator or SYSTEM privileges by default.
SolutionUpgrade to Serv-U FTP Server version 4.2 or later.