RhinoSoft Serv-U FTP Server Resource Exhaustion Denial Of Service Vulnerability
BID:12213
Info
RhinoSoft Serv-U FTP Server Resource Exhaustion Denial Of Service Vulnerability
| Bugtraq ID: | 12213 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 10 2005 12:00AM |
| Updated: | Jan 10 2005 12:00AM |
| Credit: | Discovery is credited to Christoph Burchert <[email protected]>. |
| Vulnerable: |
Rhino Software Serv-U 2.5 |
| Not Vulnerable: | |
Discussion
RhinoSoft Serv-U FTP Server Resource Exhaustion Denial Of Service Vulnerability
Serv-U FTP Server is reported prone to a remote denial of service vulnerability. This issue may allow remote attackers to crash an affected server.
It is reported that the vulnerable service does not properly handle multiple connection attempts. Successful exploitation can deny service to legitimate users.
Serv-U FTP 2.5 is reported prone to this vulnerability.
Serv-U FTP Server is reported prone to a remote denial of service vulnerability. This issue may allow remote attackers to crash an affected server.
It is reported that the vulnerable service does not properly handle multiple connection attempts. Successful exploitation can deny service to legitimate users.
Serv-U FTP 2.5 is reported prone to this vulnerability.
Exploit / POC
RhinoSoft Serv-U FTP Server Resource Exhaustion Denial Of Service Vulnerability
An exploit is not required.
A proof of concept may be available from the following location:
http://www.incast-security.de/data/exploits/Serv-U_2.5_DoS.pl
An exploit is not required.
A proof of concept may be available from the following location:
http://www.incast-security.de/data/exploits/Serv-U_2.5_DoS.pl
Solution / Fix
RhinoSoft Serv-U FTP Server Resource Exhaustion Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
RhinoSoft Serv-U FTP Server Resource Exhaustion Denial Of Service Vulnerability
References:
References:
- Serv-U Homepage (RhinoSoft)