Serv-U < Multiple Vulnerabilities (DoS, Traversal)

Medium Nessus Plugin ID 36035


The remote FTP server is affected by multiple vulnerabilities.


The installed version of Serv-U is earlier than and thus is reportedly affected by the following issues:

- A directory traversal vulnerability enables an authenticated, remote attacker to create directories outside his or her home directory. (CVE-2009-1031)

- An authenticated, remote attacker can cause the FTP service to become saturated for a long period of time using a long series of 'SMNT' commands without an argument. During this time, new connections would not be allowed. (CVE-2009-0967)


Upgrade to Serv-U version or later.

Plugin Details

Severity: Medium

ID: 36035

File Name: servu_8_0_0_1.nasl

Version: $Revision: 1.16 $

Type: remote

Family: FTP

Published: 2009/03/27

Modified: 2016/12/14

Dependencies: 48434

Risk Information

Risk Factor: Medium


Base Score: 4

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Temporal Vector: CVSS2#E:POC/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:serv-u:serv-u

Required KB Items: ftp/servu

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2009-0967, CVE-2009-1031

BID: 34125, 34127

OSVDB: 52773, 52900

EDB-ID: 8211, 8212

Secunia: 34329

CWE: 22, 399