RhinoSoft Serv-U FTP Server LIST Parameter Buffer Overflow Vulnerability
BID:10181
Info
RhinoSoft Serv-U FTP Server LIST Parameter Buffer Overflow Vulnerability
| Bugtraq ID: | 10181 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 20 2004 12:00AM |
| Updated: | Apr 20 2004 12:00AM |
| Credit: | Discovery of this issue is credited to STORM <[email protected]>. |
| Vulnerable: |
Rhino Software Serv-U 5.0 .0.4 Rhino Software Serv-U 4.2 Rhino Software Serv-U 4.1 .0.11 Rhino Software Serv-U 4.1 Rhino Software Serv-U 4.0 .0.4 Rhino Software Serv-U 3.1 Rhino Software Serv-U 3.0 |
| Not Vulnerable: |
Rhino Software Serv-U 5.0 .0.6 |
Discussion
RhinoSoft Serv-U FTP Server LIST Parameter Buffer Overflow Vulnerability
Reportedly Serv-U is affected by a remote buffer overflow vulnerability in the list parameter. This issue is due to a failure of the application to properly validate buffer boundaries during processing of user input.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application, although this has not been confirmed.
Reportedly Serv-U is affected by a remote buffer overflow vulnerability in the list parameter. This issue is due to a failure of the application to properly validate buffer boundaries during processing of user input.
Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application, although this has not been confirmed.
Exploit / POC
RhinoSoft Serv-U FTP Server LIST Parameter Buffer Overflow Vulnerability
The following proof of concept exploit has been provided:
The following proof of concept exploit has been provided:
Solution / Fix
RhinoSoft Serv-U FTP Server LIST Parameter Buffer Overflow Vulnerability
Solution:
The vendor has released an upgrade dealing with this issue. Please contact the vendor for more information and details on obtaining the upgrade.
Solution:
The vendor has released an upgrade dealing with this issue. Please contact the vendor for more information and details on obtaining the upgrade.
References
RhinoSoft Serv-U FTP Server LIST Parameter Buffer Overflow Vulnerability
References:
References:
- Serv-U Homepage (RhinoSoft)
- Serv-U LIST -l Parameter Buffer Overflow (SecuriTeam.com)