Serv-U < 18.104.22.168 Multiple Remote Vulnerabilities
Medium Nessus Network Monitor Plugin ID 4699
Synopsis
The remote FTP server is affected by several vulnerabilities.
Description
The remote host is running Serv-U File Server, an FTP server for Windows.
The installed version of Serv-U is earlier than 22.214.171.124 and thus is reportedly affected by the following issues:
- An authenticated remote attacker can cause the service to consume all CPU time on the remote host by specifying a Windows port (e.g., 'CON:') when using the STOU command, provided he has write access to a directory.
- An authenticated remote attacker can overwrite or create arbitrary files via a directory traversal attack in the RNTO command.
- An authenticated remote attacker may be able to upload a file to the current Windows directory via a rename by placing the destination in '\' (i.e., 'My Computer').
Solution
Upgrade to version 126.96.36.199 or higher.