Signature Detail
Short Name |
FTP:SERVU:CHMOD-OVERFLOW |
|---|---|
Severity |
Critical |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
FTP |
Keywords |
ServU CHMOD Filename Overflow |
Release Date |
2004/03/10 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
FTP: ServU CHMOD Filename Overflow
This signature detects attempts to exploit a known vulnerability in the ServU FTP server CHMOD command. The CHMOD command is typically used to change server file permissions. Attackers can send an overly long filename argument to the CHMOD command to execute arbitrary code with system privileges.
Extended Description
RhinoSoft Serv-U FTP Server is prone to a remote post-authentication buffer-overflow vulnerability. The vulnerability occurs when a malicious filename argument is passed to the SITE CHMOD command. The immediate consequences of this issue may be a denial of service. An attacker may be able to leverage this condition to execute arbitrary code in the context of the affected service, but this has not been confirmed.
Affected Products
- Rhino Software Serv-U 3.1.0
- Rhino Software Serv-U 4.0.0 .0.4
- Rhino Software Serv-U 4.1.0
- Rhino Software Serv-U 4.1.0 .0.11
- Rhino Software Serv-U 5.0.0 .0.4
References
- BugTraq: 9483
- BugTraq: 9675
- CVE: CVE-2004-2111
- URL: http://xforce.iss.net/xforce/xfdb/14931
- URL: http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=560