Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.0
CVE Id CVE-2011-4800
Last Modified 05 Mar 2012 12:00:00
Published 13 Dec 2011 07:55:02
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-4800

Summary

Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a "..:/" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.

Vulnerable Systems

Application

  • Serv-u 10.0.0.2

  • Serv-u 10.0.0.3

  • Serv-u 10.0.0.5

  • Serv-u 10.0.0.7

  • Serv-u 10.1.0.0

  • Serv-u 10.1.0.1

  • Serv-u 10.2.0.0

  • Serv-u 10.2.0.2

  • Serv-u 10.3.0.1

  • Serv-u 10.4.0.0

  • Serv-u 10.5.0.11

  • Serv-u 10.5.0.14

  • Serv-u 10.5.0.16

  • Serv-u 10.5.0.19

  • Serv-u 10.5.0.21

  • Serv-u 10.5.0.24

  • Serv-u 10.5.0.4

  • Serv-u 10.5.0.6

  • Serv-u 11.0.0.0

  • Serv-u 11.0.0.2

  • Serv-u 11.0.0.4

  • Serv-u 11.1.0.3

  • Serv-u 11.1.0.5

  • Serv-u 3.0.0.16

  • Serv-u 3.0.0.17

  • Serv-u 3.1.0.0

  • Serv-u 3.1.0.1

  • Serv-u 3.1.0.3

  • Serv-u 4.0.0.4

  • Serv-u 4.1.0.0

  • Serv-u 4.1.0.3

  • Serv-u 5.0.0.0

  • Serv-u 5.0.0.11

  • Serv-u 5.0.0.4

  • Serv-u 5.0.0.9

  • Serv-u 5.1.0.0

  • Serv-u 5.2.0.0

  • Serv-u 5.2.0.1

  • Serv-u 6.0.0.0

  • Serv-u 6.0.0.1

  • Serv-u 6.0.0.2

  • Serv-u 6.1.0.0

  • Serv-u 6.1.0.1

  • Serv-u 6.1.0.4

  • Serv-u 6.1.0.5

  • Serv-u 6.2.0.0

  • Serv-u 6.2.0.1

  • Serv-u 6.3.0.0

  • Serv-u 6.3.0.1

  • Serv-u 6.4.0.0

  • Serv-u 6.4.0.1

  • Serv-u 6.4.0.2

  • Serv-u 6.4.0.3

  • Serv-u 6.4.0.4

  • Serv-u 6.4.0.5

  • Serv-u 6.4.0.6

  • Serv-u 7.0.0.1

  • Serv-u 7.0.0.2

  • Serv-u 7.0.0.3

  • Serv-u 7.0.0.4

  • Serv-u 7.1.0.0

  • Serv-u 7.1.0.1

  • Serv-u 7.1.0.2

  • Serv-u 7.2.0.0

  • Serv-u 7.2.0.1

  • Serv-u 7.3.0.0

  • Serv-u 7.3.0.1

  • Serv-u 7.3.0.2

  • Serv-u 7.4.0.0

  • Serv-u 7.4.0.1

  • Serv-u 8.0.0.1

  • Serv-u 8.0.0.2

  • Serv-u 8.0.0.4

  • Serv-u 8.0.0.5

  • Serv-u 8.0.0.7

  • Serv-u 8.1.0.1

  • Serv-u 8.1.0.3

  • Serv-u 8.2.0.0

  • Serv-u 8.2.0.1

  • Serv-u 8.2.0.3

  • Serv-u 9.0.0.1

  • Serv-u 9.0.0.3

  • Serv-u 9.0.0.5

  • Serv-u 9.1.0.0

  • Serv-u 9.1.0.2

  • Serv-u 9.2.0.1

  • Serv-u 9.3.0.1

  • Serv-u 9.4.0.0

  • Serv-u 9.4.0.2


References

CONFIRM - http://www.serv-u.com/releasenotes/

EXPLOIT-DB - 18182

SECUNIA - 47021

FULLDISC - 20111130 Serv-U Remote


Last Updated: 27 May 2016 10:57:54