PT-2009-6199 · Solarwinds · Serv-U Ftp Server

Published

2009-11-20

Updated

2020-07-28

CVE-2009-4006

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Serv-U FTP server versions 7.0.0.1 through 9.0.0.5 Serv-U FTP server versions prior to 9.1.0.0

Description The issue is related to a stack-based buffer overflow in the TEA decoding algorithm, which can be exploited by remote attackers to execute arbitrary code. This is achieved by sending a long hexadecimal string.

Recommendations For Serv-U FTP server versions 7.0.0.1 through 9.0.0.5, update to version 9.1.0.0 or later. For Serv-U FTP server versions prior to 9.1.0.0, update to version 9.1.0.0 or later.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-4006

Affected Products

Serv-U Ftp Server

PT-2009-6199 · Solarwinds · Serv-U Ftp Server

CVE-2009-4006

Weakness Enumeration

Related Identifiers

Affected Products

References · 13