RhinoSoft Serv-U FTPS Server Command Channel SSL Negotiation Security Bypass Vulnerability
BID:50881
Info
| Bugtraq ID: | 50881 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 01 2011 12:00AM |
| Updated: | Dec 01 2011 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | Rhino Software Serv-U 9.0.5, 7.4 0, 6.1.0.5, 6.1.0.4, 6.1.0.1, 6.1.0.0, 6.0.0.2, 6.0.0.1, 6.0, 5.2.0.1, 5.2.0.0, 5.1.0, 5.0.0.9, 5.0.0.6, 5.0.0.4, 4.2, 4.1.0.11, 4.1, 4.0.0.4, 3.1, 3.0, 2.5, 9.4.0.0, 9.3.0.1, 9.2.0.1, 9.1.0.4, 9.1.0.2, 9.1.0.0, 9.0.0.1, 8.3.0.23, 8.3.0.2, 8.3.0.1, 8.3.0.0, 8.2.0.3, 8.2.0.0, 8.1.0.0, 8.0.0.0, 7.9.0.0, 7.8.0.0, 7.7.0.0, 7.6.0.0, 7.5.0.0, 7.4.0.1, 7.4.0.0, 7.3.0.2, 7.3.0.0, 7.2.0.1, 7.2.0.0, 7.0.0.1, 11.0.0.2, 11.0.0.0, 10.5.0.24, 10.5, 10.3.0.1, 10.3.0.0, 10.2.0.2, 10.2.0.0, 10.1.0.1, 10.0.0.2 |
| Not Vulnerable: | Rhino Software Serv-U 11.1.0.3 |
Discussion
RhinoSoft Serv-U is prone to a security-bypass vulnerability.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which may aid in further attacks.
Versions prior to Serv-U 11.1.0.3 are vulnerable.
Exploit / POC
An attacker can exploit this issue through man-in-the-middle attacks.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Serv-U Homepage (Rhino Software)
- Serv-U Release Notes (Serv-U)