Serv-U Web Client session cookie handling buffer overflow

2009-11-08T00:00:00
ID SAINT:EB922E865BF08AAE941EF2D15C97ACF6
Type saint
Reporter SAINT Corporation
Modified 2009-11-08T00:00:00

Description

Added: 11/08/2009
BID: 36895
OSVDB: 59772

Background

Serv-U is an FTP server for Windows platforms. The Serv-U Web Client component provides a browser-based interface to Serv-U.

Problem

A buffer overflow in the Serv-U Web Client's handling of session cookies allows remote attackers to execute arbitrary code by sending an overly long session cookie to the Web Client.

Resolution

Upgrade to a Serv-U version later than 9.0.0.5 once one becomes available. Until an update is available, disable the Web Client service and use only the Serv-U FTP/SFTP components.

References

<http://www.rangos.de/ServU-ADV.txt>

Limitations

The exploit works on Rhino Software Serv-U 9.0.0.5. Windows patch KB933729 (rpcrt4.dll version 5.2.3790.4115) must be installed on the target. The exploit may need to be run multiple times to trigger the vulnerability.

Platforms

Windows