Check Point Advisories

Update Protection against Rhino Software Serv-U FTP Server RNTO Command Directory Traversal

Check Point Reference: CPAI-2008-227
Date Published: 24 Oct 2008
Severity: High
Last Updated: Tuesday 01 January, 2008
Source: Bugtraq ID: 31563

 

Industry Reference: CVE-2008-4501
Protection Provided by:
Who is Vulnerable? Rhino Software Serv-U 7.2.0.1 and earlier versions
Vulnerability Description: A directory traversal vulnerability was reported in Serv-U FTP Server. Serv-U is a widely-used FTP server that includes advanced features such as SSL support, ODBC, virtual directories and more. This vulnerability allows a remote authenticated attacker to access normally-inaccessible files and directories through a specially-created FTP request and may also facilitate the launch of other attacks.
Vulnerability Details: The vulnerability exists because Serv-U FTP Server does not properly sanitize the RNTO FTP command. The RNTO command provides the new name for a file or directory specified by the preceding RNFR command. An attacker who exploits this vulnerability can access all files on the Serv-U FTP Server.
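
The containment check that the RNTO handling described above lacks, as an added example (not Serv-U's or Check Point's code). It assumes a virtual root `/` that stands for the user's home directory; `resolve_virtual`, `PathEscape` and `RenameSession` are hypothetical names, and the reply texts are illustrative.

```python
import posixpath


class PathEscape(ValueError):
    """Path argument resolves outside the user's virtual root."""


def resolve_virtual(cwd, arg):
    """Return the normalized virtual path for an FTP path argument.

    Assumption: '/' is the user's home directory; nothing above it is reachable.
    """
    arg = arg.replace("\\", "/")  # a Windows server accepts both separators
    if "\x00" in arg or arg[1:2] == ":":  # NUL byte or drive-letter path
        raise PathEscape(arg)
    parts = []
    for part in posixpath.join(cwd, arg).split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not parts:  # would climb above the virtual root
                raise PathEscape(arg)
            parts.pop()
        else:
            parts.append(part)
    return "/" + "/".join(parts)


class RenameSession:
    """Hypothetical handler for the RNFR/RNTO pair of one FTP session."""

    def __init__(self, cwd="/"):
        self.cwd = cwd
        self.pending = None  # validated source path set by RNFR

    def rnfr(self, arg):
        try:
            self.pending = resolve_virtual(self.cwd, arg)
        except PathEscape:
            return "553 File name not allowed"
        return "350 Ready for RNTO"

    def rnto(self, arg):
        if self.pending is None:
            return "503 Bad sequence of commands"
        src, self.pending = self.pending, None
        try:
            dst = resolve_virtual(self.cwd, arg)  # same check as RNFR
        except PathEscape:
            return "553 File name not allowed"
        return f"250 Renamed {src} to {dst}"
```

The check works on virtual paths only; a server would still map the returned path onto the home directory and confirm the real path stays beneath it.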

Protection Overview
