CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.1%
Added: 10/27/2006
CVE: CVE-2004-0330
BID: 9751
OSVDB: 4073
Serv-U FTP Server supports the MDTM command which allows users to modify the time stamp on files.
A buffer overflow in Serv-U FTP Server allows remote authenticated attackers to execute arbitrary commands by sending the MDTM command with a specially crafted timezone parameter.
Upgrade to Serv-U FTP Server 5.0.0.4 or higher.
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0048.html
Exploit works on Serv-U FTP Server 4.1.0.0 and requires a valid FTP user name and password.
Windows 2000
Windows XP