Denial of Service : Rhinosoft Serv-U FTP Multiple Vulnerabilities

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.900483

Category: Denial of Service

Title: Rhinosoft Serv-U FTP Multiple Vulnerabilities

Summary: Serv-U FTP Server is prone to multiple vulnerabilities.

Description: Summary:
Serv-U FTP Server is prone to multiple vulnerabilities.

Vulnerability Insight:
- Error when processing 'MKD' commands which can be exploited to create
directories residing outside a given user's home directory via directory traversal attacks.

- Error when handing certain FTP commands, by sending a large number of 'SMNT' commands without an argument
causes the application to stop responding.

Vulnerability Impact:
Successful exploitation will let the attacker conduct directory traversal
attack or can cause denial of service.

Affected Software/OS:
Rhinosoft Serv-U FTP Server version 7.4.0.1 or prior.

Solution:
Upgrade to Rhinosoft Serv-U FTP Server version 10 or later.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:C/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0967
BugTraq ID: 34127
http://www.securityfocus.com/bid/34127
https://www.exploit-db.com/exploits/8212
XForce ISS Database: servuftp-smnt-dos(49260)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49260
Common Vulnerability Exposure (CVE) ID: CVE-2009-1031
BugTraq ID: 34125
http://www.securityfocus.com/bid/34125
https://www.exploit-db.com/exploits/8211
http://osvdb.org/52773
http://secunia.com/advisories/34329
http://www.vupen.com/english/advisories/2009/0738
XForce ISS Database: servuftp-mkd-dir-traversal(49258)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49258

Copyright Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.900483
Category:	Denial of Service
Title:	Rhinosoft Serv-U FTP Multiple Vulnerabilities
Summary:	Serv-U FTP Server is prone to multiple vulnerabilities.
Description:	Summary: Serv-U FTP Server is prone to multiple vulnerabilities. Vulnerability Insight: - Error when processing 'MKD' commands which can be exploited to create directories residing outside a given user's home directory via directory traversal attacks. - Error when handing certain FTP commands, by sending a large number of 'SMNT' commands without an argument causes the application to stop responding. Vulnerability Impact: Successful exploitation will let the attacker conduct directory traversal attack or can cause denial of service. Affected Software/OS: Rhinosoft Serv-U FTP Server version 7.4.0.1 or prior. Solution: Upgrade to Rhinosoft Serv-U FTP Server version 10 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0967 BugTraq ID: 34127 http://www.securityfocus.com/bid/34127 https://www.exploit-db.com/exploits/8212 XForce ISS Database: servuftp-smnt-dos(49260) https://exchange.xforce.ibmcloud.com/vulnerabilities/49260 Common Vulnerability Exposure (CVE) ID: CVE-2009-1031 BugTraq ID: 34125 http://www.securityfocus.com/bid/34125 https://www.exploit-db.com/exploits/8211 http://osvdb.org/52773 http://secunia.com/advisories/34329 http://www.vupen.com/english/advisories/2009/0738 XForce ISS Database: servuftp-mkd-dir-traversal(49258) https://exchange.xforce.ibmcloud.com/vulnerabilities/49258
Copyright	Copyright (C) 2009 Greenbone AG