Vendor: Serv-U FTPD
By: Sam and bkbll
CVSS: 7.5 (HIGH)
CWE: Remote Overflow
Product Name: Serv-U FTPD
Affected Version From: 3.x
Affected Version To: 5.x
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2004

Serv-U FTPD 3.x/4.x/5.x “MDTM” Command remote overflow exploit

This exploit targets Serv-U FTPD versions 3.x, 4.x, and 5.x. It takes advantage of a remote overflow vulnerability in the "MDTM" command. The code is written in C and was developed by Sam and bkbll. It includes shellcode for both connecting back and rebinding a shell. The exploit has been tested on Serv-U versions 4.0, 4.1, and 4.2.

Mitigation:

Upgrade to a patched version of Serv-U FTPD.

Exploit-DB raw data: