Serv-U FTP site chmod buffer overflow

2006-07-17T00:00:00
ID SAINT:BC44209041EF08E9C73CBADB48737EB3
Type saint
Reporter SAINT Corporation
Modified 2006-07-17T00:00:00

Description

Added: 07/17/2006
CVE: CVE-2004-2111
BID: 9675
OSVDB: 3713

Background

Serv-U is an FTP server for Windows platforms.

Problem

An attacker who has logged on to the Serv-U FTP server and has a writable directory could execute arbitrary commands by sending a **site chmod** command with an overly long file name. A buffer overflow occurs when Serv-U prepares an error response by copying the file name into a fixed length buffer.

Resolution

Upgrade to Serv-U FTP Server 4.2 or higher.

References

<http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html>

Limitations

Exploit works on Serv-U FTP Server 4.1.0.0. This exploit requires valid FTP login credentials, and the FTP account must have a writable home directory.

Platforms

Windows 2000
Windows XP