
Serv-U.FTP.site.chmod.LongFilename.Buffer.Overflow

Release Date

Jun 07, 2005

Severity

high

Impact

Allows remote attackers to execute arbitrary code via a long filename.

Description

This indicates a possible attempt to exploit a buffer overflow in the SITE CHMOD command of the Serv-U FTP server software.



"Serv-U FTP server is one of the popular software applications distributed by RhinoSoft Inc. A buffer overflow vulnerability has been reported in it that may allow an attacker to execute arbitrary code on the vulnerable system. This is due to the application's failure to sanitize the arguments of the SITE CHMOD command. An attacker may exploit this and execute arbitrary code on the vulnerable system by sending a SITE CHMOD command with an overly long filename of more than 256 bytes."
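The condition described above (a SITE CHMOD command whose filename argument exceeds 256 bytes) can be checked over captured FTP control-channel commands. The following is an added example, not the vendor's signature logic; the function names and the sample lines are constructed for illustration.

```python
import re

# Threshold taken from the advisory text: filenames of more than 256 bytes.
MAX_FILENAME_BYTES = 256

# FTP commands are case-insensitive; capture everything after "SITE CHMOD".
SITE_CHMOD_RE = re.compile(rb"^\s*SITE\s+CHMOD\s+(.*)$", re.IGNORECASE)


def check_ftp_command(line: bytes):
    """Return a finding dict if the line is a SITE CHMOD command with an
    oversized filename argument, otherwise None."""
    m = SITE_CHMOD_RE.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    # Expected form is "<mode> <filename>"; if only one token is present,
    # treat it as the filename so a missing mode cannot hide a long argument.
    parts = m.group(1).split(None, 1)
    filename = parts[-1] if parts else b""
    if len(filename) <= MAX_FILENAME_BYTES:
        return None
    return {"command": "SITE CHMOD", "filename_len": len(filename)}


def scan(lines):
    """Return [(line_number, finding), ...] for suspicious commands."""
    hits = []
    for n, line in enumerate(lines, start=1):
        finding = check_ftp_command(line)
        if finding:
            hits.append((n, finding))
    return hits


# Constructed sample of FTP control-channel commands (not real traffic).
SAMPLE = [
    b"USER alice\r\n",
    b"SITE CHMOD 644 report.txt\r\n",
    b"site chmod 777 " + b"A" * 300 + b"\r\n",   # flagged: 300-byte filename
    b"SITE CHMOD 644 " + b"B" * 256 + b"\r\n",   # exactly 256 bytes: not flagged
    b"STOR " + b"C" * 300 + b"\r\n",             # long, but not SITE CHMOD
]

if __name__ == "__main__":
    for n, f in scan(SAMPLE):
        print(f"line {n}: {f['command']} filename of {f['filename_len']} bytes")
```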

Affected Products

RhinoSoft Serv-U 4.1.0.11
RhinoSoft Serv-U 4.1
RhinoSoft Serv-U 4.0.0.4
RhinoSoft Serv-U 3.1
RhinoSoft Serv-U 3.0

Recommended Actions

Upgrade to Serv-U FTP server 5.0 or a later version, available at http://www.serv-u.com.

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2004-2111

Reference/s

http://www.securityfocus.com/bid/9675 (BugTraq)
http://www.securityfocus.com/bid/9483 (BugTraq)

Reference: VID-10024