RhinoSoft Serv-U FTP Server MDTM Command Time Argument Buffer Overflow Vulnerability
BID:9751
Info
| Bugtraq ID: | 9751 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2004-0330 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 26 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery of this vulnerability has been credited to "bkbll" <[email protected]>. |
| Vulnerable: | Rhino Software Serv-U 5.0.0.4; Rhino Software Serv-U 4.2; Rhino Software Serv-U 4.1.0.11; Rhino Software Serv-U 4.1; Rhino Software Serv-U 4.0.0.4; Rhino Software Serv-U 3.1; Rhino Software Serv-U 3.0 |
| Not Vulnerable: | Rhino Software Serv-U 5.0.0.9; Rhino Software Serv-U 5.0.0.6; Rhino Software Serv-U 5.0.0.4 |
Discussion
Serv-U FTP Server has been reported prone to a remote stack-based buffer overflow vulnerability when handling time zone arguments passed to the MDTM FTP command.
The problem exists due to insufficient bounds checking. Ultimately, an attacker may leverage this issue to have arbitrary instructions executed in the context of the SYSTEM user.
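The bounds check that this class of flaw lacks, as an added example (not Serv-U's code and not part of the original advisory). It assumes the MDTM time argument has the shape `YYYYMMDDHHMMSS[+|-offset]` followed by a file name; `parse_mdtm_time`, `struct mdtm_time` and the `TZ_MAX` cap are hypothetical names and limits chosen for the illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define TS_DIGITS 14   /* YYYYMMDDHHMMSS */
#define TZ_MAX     4   /* assumed cap on offset digits, e.g. "+0480" */

struct mdtm_time {
    char stamp[TS_DIGITS + 1];
    char tz[TZ_MAX + 2];       /* sign + digits + NUL */
};

/* Parse "<14 digits>[(+|-)<1..TZ_MAX digits>]" from the start of arg.
 * Returns the number of bytes consumed, or -1 if the field is malformed
 * or too long. The time zone is copied only after its length has been
 * checked against the destination buffer. */
int parse_mdtm_time(const char *arg, struct mdtm_time *out)
{
    size_t i, n = 0;

    if (arg == NULL || out == NULL)
        return -1;
    for (i = 0; i < TS_DIGITS; i++)
        if (!isdigit((unsigned char)arg[i]))
            return -1;                 /* also stops at an early NUL */
    memcpy(out->stamp, arg, TS_DIGITS);
    out->stamp[TS_DIGITS] = '\0';
    out->tz[0] = '\0';

    if (arg[i] == '+' || arg[i] == '-') {
        /* Measure the digit run first; stop counting once past the cap. */
        while (n <= TZ_MAX && isdigit((unsigned char)arg[i + 1 + n]))
            n++;
        if (n == 0 || n > TZ_MAX)
            return -1;                 /* reject instead of truncating */
        memcpy(out->tz, arg + i, n + 1);
        out->tz[n + 1] = '\0';
        i += n + 1;
    }
    /* The field must end at a space (before the file name) or end of line. */
    if (arg[i] != ' ' && arg[i] != '\0')
        return -1;
    return (int)i;
}
```

An over-long or non-numeric time zone field is rejected outright, so the fixed-size `tz` buffer can never receive more than `TZ_MAX + 2` bytes.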
Exploit / POC
Proof-of-concept and exploit code have been provided. "lion" <[email protected]> has released an updated version of the exploit servu_ftpd_mdtm.c.
An exploit (servu_mdtm_overflow.pm) has been released as part of the Metasploit Framework 2.0.
CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Solution:
This issue has been addressed in 5.x releases of Serv-U. Users should contact the vendor to obtain upgrades.
References
References:
- Serv-U Homepage (RhinoSoft)
- Serv-U MDTM exploit (CORE Security)
- [vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability ("bkbll")
- Serv-U MDTM exploits ("Sam")