Serv-U FTP site chmod buffer overflow

Added: 07/17/2006
CVE: CVE-2004-2111
BID: 9675
OSVDB: 3713

Background

Serv-U is an FTP server for Windows platforms.

Problem

An attacker who has logged on to the Serv-U FTP server and has a writable directory could execute arbitrary commands by sending a site chmod command with an overly long file name. A buffer overflow occurs when Serv-U prepares an error response by copying the file name into a fixed length buffer.

Resolution

Upgrade to Serv-U FTP Server 4.2 or higher.

References

http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html

Limitations

Exploit works on Serv-U FTP Server 4.1.0.0. This exploit requires valid FTP login credentials, and the FTP account must have a writable home directory.

Platforms

Windows 2000
Windows XP

Back to exploit index