Serv-U is an FTP server for Windows platforms.
An attacker who has logged on to the Serv-U FTP server and has a writable directory could execute arbitrary commands by sending a
**site chmod** command with an overly long file name. A buffer overflow occurs when Serv-U prepares an error response by copying the file name into a fixed length buffer.
Upgrade to Serv-U FTP Server 4.2 or higher.
Exploit works on Serv-U FTP Server 18.104.22.168. This exploit requires valid FTP login credentials, and the FTP account must have a writable home directory.