FTP: Serv-U MDTM TimeZone Overflow
This signature detects attempts to exploit a known vulnerability in the ServU FTP server MDTM command. The MDTM command is typically used to change the file timestamp on the server. Attackers can send a maliciously crafted timezone argument to the MDTM command to execute arbitrary code with system privileges.
Extended Description
Serv-U FTP Server has been reported prone to a remote stack based buffer overflow vulnerability when handling time zone arguments passed to the MDTM FTP command. The problem exists due to insufficient bounds checking. Ultimately an attacker may leverage this issue to have arbitrary instructions executed in the context of the SYSTEM user.
Affected Products
Rhino_software serv-u
Short Name
FTP:SERVU:MDTM-OVERFLOW
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
FTP
Keywords
CVE-2001-1021 CVE-2004-0330 MDTM Overflow Serv-U TimeZone bid:9751
Release Date
03/11/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Rhino_software
CVSS Score
7.5
10.0