Attack (Attack ID:200128)
Release Date:09/12/2012
Attack Name:RhinoSoft Serv-U FTP Server Remote Jail Break 0day
Severity:
BUG ID:
CVE ID:
Impact:
Serv-U is the FTP server software released by RhinoSoft.
A directory traversal vulnerability in RhinoSoft Serv-U allows attackers to upload, download and delete files outside the FTP server's root directory. By supplying certain path strings, an attacker bypasses the FTP directory access control restrictions.
Affected Systems:
RhinoSoft Serv-U 9.x
RhinoSoft Serv-U 8.x
RhinoSoft Serv-U 7.x
RhinoSoft Serv-U 6.x
RhinoSoft Serv-U 11.x
RhinoSoft Serv-U 10.x
Additional References:
http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html
The vendor has not provided an update or patch for this vulnerability. Hillstone suggests that you stop the affected FTP server and watch closely for the release of a patch.
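The directory access control described above comes down to resolving every path argument against the session's virtual root before the file is touched. The following is an added example, not Serv-U or Hillstone code: a sketch of that confinement check for the upload, download and delete commands. The function names, the refusal policy for colon and dot-only segments, and the sample commands are assumptions constructed for illustration.

```python
# FTP verbs for the three operations the advisory names: upload, download, delete.
FILE_COMMANDS = {"STOR", "RETR", "DELE"}

def resolve_virtual(cwd, arg):
    """Resolve an FTP path argument against the virtual cwd.
    Returns the normalized virtual path, or None if it must be refused."""
    arg = arg.replace("\\", "/")          # Windows hosts accept both separators
    if ":" in arg or "\x00" in arg:       # drive letter, alternate stream, NUL byte
        return None
    stack = [] if arg.startswith("/") else [p for p in cwd.split("/") if p]
    for seg in arg.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not stack:
                return None               # would climb above the virtual root
            stack.pop()
        elif seg.strip(" .") == "":
            return None                   # "...", ".. ": ambiguous on Windows, refuse
        else:
            stack.append(seg)
    return "/" + "/".join(stack)

def check_command(cwd, line):
    """Classify one FTP command line as allow, deny or ignored."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() not in FILE_COMMANDS:
        return ("ignored", None)
    path = resolve_virtual(cwd, arg)
    return ("allow", path) if path is not None else ("deny", None)

if __name__ == "__main__":
    # Constructed sample session; the working directory is /pub.
    for cmd in ["RETR notes/../readme.txt", "STOR ../../upload.bin",
                "DELE ..\\..\\file.txt", "RETR C:/file.txt", "NOOP"]:
        print(cmd, "->", check_command("/pub", cmd))
```

The check works on the virtual path only. A real server also has to map the result onto the filesystem and confirm that the final location, after symbolic links or junctions are followed, is still under the root.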