Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4501

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-4501
Last Modified 07 Mar 2011 10:12:33
Published 08 Oct 2008 08:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-4501

Summary

Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.

Vulnerable Systems

Application

  • Serv-u 7.0.0.1

  • Serv-u 7.0.0.2

  • Serv-u 7.0.0.3

  • Serv-u 7.0.0.4

  • Serv-u 7.1.0.0

  • Serv-u 7.1.0.1

  • Serv-u 7.1.0.2

  • Serv-u 7.2.0.0

  • Serv-u 7.2.0.1

  • Serv-u 7.3.0.0

  • Serv-u 7.3.0.1

  • Serv-u 7.3.0.2


References

VUPEN - ADV-2008-2746

MILW0RM - 6661

SREASON - 4378

SECUNIA - 32150


Last Updated: 27 May 2016 10:48:31