Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Serv-U < 7.3.0.1 Multiple Remote Vulnerabilities

Medium

Synopsis

The remote FTP server is affected by several vulnerabilities.

Description

The remote host is running Serv-U File Server, an FTP server for Windows.

The installed version of Serv-U is earlier than 7.3.0.1 and thus is reportedly affected by the following issues : - An authenticated remote attacker can cause the service to consume all CPU time on the remote host by specifying a Windows port (eg, 'CON:') when using the STOU command provided he has write access to a directory. - An authenticated remote attacker can overwrite or create arbitrary files via a directory traversal attack in theRNTO command. - An authenticated remote attacker may be able to upload a file to the current Windows directory with rename by placing the destination in '\' (ie, 'My Computer').

Solution

Upgrade to version 7.3.0.1 or higher.