Attack (Attack ID:200128)

Release Date: 09/12/2012

Attack Name: RhinoSoft Serv-U FTP Server Remote Jail Break 0day

Severity

BUG ID

CVE ID

 

Description

Impact:

Serv-U is the FTP server software released by RhinoSoft.
A directory traversal vulnerability in RhinoSoft Serv-U allows attackers to upload, download and delete files outside the root directory of the FTP server. By supplying certain path strings, an attacker bypasses the FTP directory access control restrictions.
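
The following is an added illustration, not part of the original advisory and not Serv-U code: a minimal server-side confinement check of the kind this class of flaw defeats, resolving a client path argument against the FTP root and refusing anything that lands outside it. The names `resolve_in_jail`, `JailEscape`, `root` and `cwd` are hypothetical, and the sample paths are constructed.

```python
import os


class JailEscape(Exception):
    """Raised when a client-supplied path would leave the FTP root."""


def resolve_in_jail(root, cwd, client_path):
    """Map the argument of RETR/STOR/DELE/CWD to a real path under root.

    root        -- real directory serving as the user's FTP root (assumed)
    cwd         -- current virtual directory, e.g. "/pub"
    client_path -- raw path string sent by the client
    """
    if "\x00" in client_path:
        raise JailEscape("NUL byte in path")
    # Treat both separators alike so backslash forms are checked as well.
    unified = client_path.replace("\\", "/")
    # Absolute arguments start at the virtual root, relative ones at cwd.
    stack = [] if unified.startswith("/") else [p for p in cwd.split("/") if p]
    for part in unified.split("/"):
        if part in ("", "."):
            continue
        if ":" in part:  # drive letter or alternate data stream specifier
            raise JailEscape("drive or stream specifier: %r" % part)
        if part == "..":
            if not stack:
                raise JailEscape("path climbs above the FTP root")
            stack.pop()
        else:
            stack.append(part)
    real_root = os.path.realpath(root)
    # realpath() follows links, so a link inside the root that points
    # elsewhere is caught by the containment test below.
    candidate = os.path.realpath(os.path.join(real_root, *stack))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise JailEscape("path resolves outside the FTP root")
    return candidate


if __name__ == "__main__":
    # Constructed sample arguments, checked against a constructed root.
    for arg in ("readme.txt", "../pub/./readme.txt", "../../etc/passwd",
                "..\\..\\boot.ini", "C:\\Windows"):
        try:
            print("ALLOW", arg, "->", resolve_in_jail("/srv/ftproot", "/pub", arg))
        except JailEscape as exc:
            print("DENY ", arg, "->", exc)
```

Each `JailEscape` is worth logging with the client address and the raw argument, since repeated denials from one session indicate probing of the directory restriction.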


Affected Systems:
RhinoSoft Serv-U 9.x
RhinoSoft Serv-U 8.x
RhinoSoft Serv-U 7.x
RhinoSoft Serv-U 6.x
RhinoSoft Serv-U 11.x
RhinoSoft Serv-U 10.x

Additional References:
http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html

 

Solution

The vendor has not provided an update or patch for this vulnerability. Hillstone suggests that you stop the flawed FTP server and watch closely for the release of a patch.