Serv-U 7.x < 7.3.0.1 Multiple Remote Vulnerabilities (DoS, Traversal)

Nessus Plugin ID 34398 (severity: High)

Synopsis

The remote FTP server is affected by several vulnerabilities.

Description

The installed version of Serv-U 7.x is earlier than 7.3.0.1 and is therefore reportedly affected by the following issues:

- An authenticated, remote attacker with write access to a directory can cause the service to consume all CPU time on the remote host by specifying a Windows device name (e.g., 'CON:') as the argument of the STOU command.

- An authenticated, remote attacker can overwrite or create arbitrary files via a directory traversal attack in the RNTO command.

- An authenticated, remote attacker may be able to upload a file into the current Windows directory by renaming it with a destination placed in '\' (i.e., 'My Computer').
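All three issues come down to an FTP server trusting a client-supplied filename. The following added example (not Serv-U code, and not part of the plugin) shows the validation a file-transfer service should apply to a STOU or RNTO argument before touching the filesystem: reject Windows reserved device names, refuse bare '\' or '/' as a destination, and resolve the path lexically so '..' can never escape the user's root. The root, working directory and sample arguments are constructed for illustration.

```python
from typing import List, Optional

# Windows reserved device names. A trailing colon or an extension does not
# make them safe: 'CON:', 'con.txt' and 'COM1' all still resolve to the device.
_RESERVED = {"CON", "PRN", "AUX", "NUL",
             *{f"COM{i}" for i in range(1, 10)},
             *{f"LPT{i}" for i in range(1, 10)}}


def is_reserved_device_name(name: str) -> bool:
    """True if a single path component names a Windows device."""
    stem = name.rstrip(":").split(".")[0].strip().upper()
    return stem in _RESERVED


def _normalize(parts: List[str]) -> Optional[List[str]]:
    """Collapse '.' and '..' lexically; None if '..' climbs above the root."""
    out: List[str] = []
    for part in parts:
        if part in ("", "."):
            continue
        if part == "..":
            if not out:
                return None  # would escape the user's root
            out.pop()
        else:
            out.append(part)
    return out


def resolve_ftp_path(user_root: str, cwd: str, target: str) -> Optional[str]:
    """Map a client-supplied FTP argument (STOU/RNTO) to a real path under
    user_root, or return None if it must be refused.

    cwd is the client's current directory inside the virtual root ('/' form).
    Backslashes are normalised first because Windows accepts both separators.
    """
    target = target.replace("\\", "/")
    if target.strip("/") == "":
        return None  # bare '\' or '/' ('My Computer') is not a file target
    virtual = target if target.startswith("/") else f"{cwd}/{target}"
    parts = _normalize(virtual.split("/"))
    if not parts or is_reserved_device_name(parts[-1]):
        return None
    return "/".join([user_root.rstrip("/"), *parts])
```

A server that applies this check returns a permanent-failure reply (e.g. 550) for any None result instead of handing the name to the operating system.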

Solution

Upgrade to Serv-U version 7.3.0.1 or later.

See Also

http://www.serv-u.com/kb/1769/ServU-7-vs-ServU-6

https://support.solarwinds.com/Success_Center/Serv-U_Managed_File_Transfer_Serv-U_FTP_Server/Serv-U_Documentation/release_notes

Plugin Details

Severity: High

ID: 34398

File Name: servu_7_3_0_1.nasl

Version: 1.21

Type: remote

Family: FTP

Published: 10/14/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:serv-u:serv-u

Required KB Items: ftp/servu

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-4500, CVE-2008-4501

BID: 31556, 31563

CWE: 20, 22

SECUNIA: 32150