Serv-U FTP Server MDTM timezone buffer overflow

Added: 10/27/2006
CVE: CVE-2004-0330
BID: 9751
OSVDB: 4073

Background

Serv-U FTP Server supports the MDTM command, which allows users to modify the time stamp on files.

Problem

A buffer overflow in Serv-U FTP Server allows remote authenticated attackers to execute arbitrary commands by sending the MDTM command with a specially crafted timezone parameter.

Resolution

Upgrade to Serv-U FTP Server 5.0.0.4 or higher.
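
For servers still awaiting the upgrade, a log-side check can flag MDTM commands whose timezone field is not a short signed number. This is an added example, not part of the original advisory; the MDTM argument grammar (14-digit timestamp, optional signed offset, file name), the 512-character ceiling and the sample lines are assumptions.

```python
import re

# Assumed grammar for the extended MDTM form: 14-digit timestamp, optional
# signed timezone offset of 1-4 digits, then a space and the file name.
STRICT_MDTM_SET = re.compile(r"^\d{14}(?:[+-]\d{1,4})? \S.*$")
# Anything that merely starts like the extended form (timestamp, then a sign
# or a space), used to tell it apart from the plain "MDTM <file>" query.
LOOKS_LIKE_SET = re.compile(r"^\d{14}(?:[+-]| )")
MAX_ARG_LEN = 512  # assumed ceiling for a sane command argument


def classify_mdtm(line):
    """Return 'not-mdtm', 'ok' or 'suspicious' for one FTP command line."""
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    if verb.upper() != "MDTM":
        return "not-mdtm"
    if len(arg) > MAX_ARG_LEN:
        return "suspicious"
    if LOOKS_LIKE_SET.match(arg) and not STRICT_MDTM_SET.match(arg):
        return "suspicious"  # timezone field is not a short signed number
    return "ok"


def scan(lines):
    """Return (line_number, command preview) for each suspicious MDTM."""
    return [(n, l[:60]) for n, l in enumerate(lines, 1)
            if classify_mdtm(l) == "suspicious"]


# Constructed sample commands, not captured traffic.
SAMPLE = [
    "USER alice",
    "MDTM report.txt",
    "MDTM 20040226120000+0100 report.txt",
    "MDTM 20040226120000-5 report.txt",
    "MDTM 20040226120000+" + "Z" * 300 + " report.txt",
    "MDTM 20040226120000+01x0 report.txt",
]

if __name__ == "__main__":
    for n, preview in scan(SAMPLE):
        print(f"line {n}: {preview}")
```

A plain MDTM query for a file whose name itself begins with 14 digits and a sign would also be flagged, so treat hits as leads to review rather than confirmed attempts.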

References

http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0048.html

Limitations

Exploit works on Serv-U FTP Server 4.1.0.0 and requires a valid FTP user name and password.

Platforms

Windows 2000
Windows XP
