Directory Traversal Vulnerability in Serv-U FTP Server
CVE-2008-4501

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Serv-u File Server
Vendor: CVE Published:; 9 October 2008

Summary

The Serv-U FTP Server contains a directory traversal vulnerability that allows remote authenticated users to manipulate the filesystem. By utilizing the RNTO command with a crafted input that includes a sequence of dot dot backslashes, attackers can overwrite or create arbitrary files, leading to potential unauthorized actions on the server's filesystem.

References

http://www.vupen.com/english/advisories/2008/2746

vdb-entryx_refsource_VUPEN

https://www.exploit-db.com/exploits/6661

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/32150

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Oct 9, 2008
Vulnerability Reserved
Oct 8, 2008