Serv-U FTPS Server Command Channel SSL Negotiation Security Restriction Bypass Vulnerability

2011-12-02T00:00:00
ID SSV:26004
Type seebug
Reporter Root
Modified 2011-12-02T00:00:00

Description

BUGTRAQ ID: 50881

Serv-U FTP is an FTP server program.

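The RhinoSoft Serv-U FTPS Server implementation contains a vulnerability: even when SSL negotiation on the command channel fails, the server keeps the command channel running, which can be exploited to carry out man-in-the-middle attacks.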
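
The fail-open behaviour described above, next to a fail-closed policy, as an added example that is not Serv-U code and not part of the original advisory. The `ControlChannel` class, the `handshake_ok` flag, the reply texts and the sample session are constructed for illustration; it assumes a server that is configured to require TLS on the command channel.

```python
# Simplified model of an explicit-TLS FTP command channel (illustrative, not Serv-U code).
from dataclasses import dataclass


@dataclass
class ControlChannel:
    fail_closed: bool          # True = hardened policy, False = behaviour from the advisory
    tls_active: bool = False
    is_open: bool = True

    def handle(self, command, handshake_ok=True):
        """Process one command line; handshake_ok is the constructed TLS handshake outcome."""
        if not self.is_open:
            raise ConnectionError("control channel is closed")
        verb = command.split()[0].upper()
        if verb == "AUTH":
            # The 234 reply is sent before the handshake, so it says nothing about success.
            if handshake_ok:
                self.tls_active = True
                return "234 TLS established"
            if self.fail_closed:
                self.is_open = False       # drop the session: no plaintext fallback
                return "234 handshake failed, connection closed"
            return "234 handshake failed, channel left open"   # flawed: session continues
        if verb in ("USER", "PASS") and not self.tls_active and self.fail_closed:
            return "530 TLS required on the command channel"
        if verb == "USER":
            return "331 Password required"
        if verb == "PASS":
            return "230 Logged in"
        return "502 Command not implemented"


def credentials_exposed(fail_closed):
    """Replay a constructed session whose handshake fails; True if login completes without TLS."""
    chan = ControlChannel(fail_closed=fail_closed)
    chan.handle("AUTH TLS", handshake_ok=False)
    try:
        chan.handle("USER alice")                       # constructed account name
        result = chan.handle("PASS example-password")   # constructed password
    except ConnectionError:
        return False
    return result.startswith("230") and not chan.tls_active


if __name__ == "__main__":
    for policy in (False, True):
        print("fail_closed =", policy, "-> credentials exposed:", credentials_exposed(policy))
```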

RhinoSoft Serv-U 9.4.0.0
RhinoSoft Serv-U 9.3.0.1
RhinoSoft Serv-U 9.2.0.1
RhinoSoft Serv-U 9.1.0.4
RhinoSoft Serv-U 9.1.0.2
RhinoSoft Serv-U 9.1.0.0
RhinoSoft Serv-U 9.0.0.1
RhinoSoft Serv-U 9.0 .5
RhinoSoft Serv-U 8.3.0.23
RhinoSoft Serv-U 8.3.0.2
RhinoSoft Serv-U 8.3.0.1
RhinoSoft Serv-U 8.3.0.0
RhinoSoft Serv-U 8.2.0.3
RhinoSoft Serv-U 8.2.0.0
RhinoSoft Serv-U 8.1.0.0
RhinoSoft Serv-U 8.0.0.0
RhinoSoft Serv-U 7.9.0.0
RhinoSoft Serv-U 7.8.0.0
RhinoSoft Serv-U 7.7.0.0
RhinoSoft Serv-U 7.6.0.0
RhinoSoft Serv-U 7.5.0.0
RhinoSoft Serv-U 7.4.0.1
RhinoSoft Serv-U 7.4.0.0
RhinoSoft Serv-U 7.4 0
RhinoSoft Serv-U 7.3.0.2
RhinoSoft Serv-U 7.3.0.0
RhinoSoft Serv-U 7.2.0.1
RhinoSoft Serv-U 7.2.0.0
RhinoSoft Serv-U 7.0.0.1
RhinoSoft Serv-U 6.1 .0.5
RhinoSoft Serv-U 6.1 .0.4
RhinoSoft Serv-U 6.1 .0.1
RhinoSoft Serv-U 6.1 .0.0
RhinoSoft Serv-U 6.0 .0.2
RhinoSoft Serv-U 6.0 .0.1
RhinoSoft Serv-U 6.0
RhinoSoft Serv-U 5.2 .0.1
RhinoSoft Serv-U 5.2 .0.0
RhinoSoft Serv-U 5.1 .0
RhinoSoft Serv-U 5.0 .0.9
RhinoSoft Serv-U 5.0 .0.6
RhinoSoft Serv-U 5.0 .0.4
RhinoSoft Serv-U 4.2
RhinoSoft Serv-U 4.1 .0.11
RhinoSoft Serv-U 4.1
RhinoSoft Serv-U 4.0 .0.4
RhinoSoft Serv-U 3.1
RhinoSoft Serv-U 3.0
RhinoSoft Serv-U 2.5
RhinoSoft Serv-U 11.0.0.2
RhinoSoft Serv-U 11.0.0.0
RhinoSoft Serv-U 10.5.0.24
RhinoSoft Serv-U 10.5
RhinoSoft Serv-U 10.3.0.1
RhinoSoft Serv-U 10.3.0.0
RhinoSoft Serv-U 10.2.0.2
RhinoSoft Serv-U 10.2.0.0
RhinoSoft Serv-U 10.1.0.1
RhinoSoft Serv-U 10.0.0.2

Temporary workaround:

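Update to version 11.1.0.3

Vendor patch:

RhinoSoft

The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page: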

http://www.serv-u.com/