FTP: ServU CHMOD Filename Overflow
This signature detects attempts to exploit a known vulnerability in the ServU FTP server CHMOD command. The CHMOD command is typically used to change server file permissions. Attackers can send an overly long filename argument to the CHMOD command to execute arbitrary code with system privileges.
Extended Description
RhinoSoft Serv-U FTP Server is prone to a remote post-authentication buffer-overflow vulnerability. The vulnerability occurs when a malicious filename argument is passed to the SITE CHMOD command. The immediate consequences of this issue may be a denial of service. An attacker may be able to leverage this condition to execute arbitrary code in the context of the affected service, but this has not been confirmed.
Affected Products
Rhino_software serv-u
Short Name
FTP:SERVU:CHMOD-OVERFLOW
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
FTP
Keywords
CHMOD CVE-2004-2111 Filename Overflow ServU bid:9483 bid:9675
Release Date
03/11/2004
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
Rhino_software
CVSS Score
8.5