Stack-based Buffer Overflow in RhinoSoft Serv-U FTP Server
CVE-2009-4006
Currently unrated
Summary
A stack-based buffer overflow exists in the TEA decoding algorithm of the RhinoSoft Serv-U FTP Server, allowing remote attackers to execute arbitrary code. The overflow is triggered by sending a long, incorrectly formatted hexadecimal string, which can lead to a potential compromise of the affected system. The vulnerability affects multiple versions of the Serv-U FTP Server prior to the security update in version 9.1.0.0 and poses a significant risk to users who have not applied the necessary patches.
EPSS Score
77% chance of being exploited in the next 30 days.