RhinoSoft Serv-U FTP Server SITE CHMOD Buffer Overflow Vulnerability
BID:9675
Info
RhinoSoft Serv-U FTP Server SITE CHMOD Buffer Overflow Vulnerability
| Bugtraq ID: | 9675 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-2111 CVE-2004-2533 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 16 2004 12:00AM |
| Updated: | Nov 15 2007 12:37AM |
| Credit: | Discovery of this issue is credited to Some Guy <[email protected]>. This issue may also have been independently discovered by kkqq <[email protected]>. |
| Vulnerable: |
Rhino Software Serv-U 5.0 .0.4 Rhino Software Serv-U 4.1 .0.11 Rhino Software Serv-U 4.1 Rhino Software Serv-U 4.0 .0.4 Rhino Software Serv-U 3.1 |
| Not Vulnerable: | |
Discussion
RhinoSoft Serv-U FTP Server SITE CHMOD Buffer Overflow Vulnerability
RhinoSoft Serv-U FTP Server is prone to a remote post-authentication buffer-overflow vulnerability.
The vulnerability occurs when a malicious filename argument is passed to the SITE CHMOD command. The immediate consequences of this issue may be a denial of service. An attacker may be able to leverage this condition to execute arbitrary code in the context of the affected service, but this has not been confirmed.
RhinoSoft Serv-U FTP Server is prone to a remote post-authentication buffer-overflow vulnerability.
The vulnerability occurs when a malicious filename argument is passed to the SITE CHMOD command. The immediate consequences of this issue may be a denial of service. An attacker may be able to leverage this condition to execute arbitrary code in the context of the affected service, but this has not been confirmed.
Exploit / POC
RhinoSoft Serv-U FTP Server SITE CHMOD Buffer Overflow Vulnerability
The following proof-of-concept example will reportedly cause a server crash:
SITE CHMOD 666 \\...\UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploit code has been supplied:
The following proof-of-concept example will reportedly cause a server crash:
SITE CHMOD 666 \\...\UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploit code has been supplied:
Solution / Fix
RhinoSoft Serv-U FTP Server SITE CHMOD Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
RhinoSoft Serv-U FTP Server SITE CHMOD Buffer Overflow Vulnerability
References:
References:
- Serv-U 4.1 Memory Corruption / Whatever (Der Ago
) - Serv-U chmod exploit (CORE Security)
- Serv-U Ftp Server Long Filename Stack Overflow Vunlnerablity (SST Group)
- Serv-U Homepage (RhinoSoft)