CVE-2004-2532

Name of the Vulnerable Software and Affected Versions Serv-U FTP server versions prior to 5.1.0.0

Description The issue allows local users to execute arbitrary commands by connecting to the server using a default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. This is possible due to a default account and password for local administration.

Recommendations For versions prior to 5.1.0.0, update to version 5.1.0.0 or later to resolve the issue. As a temporary workaround, consider changing the default administrator account password and restricting access to the SITE EXEC command until a patch is available.