Sta en ingles... pero os pongo en negrita lo importante xD

Serv-U Ftp Server Long Filename Stack Overflow Vunlnerablity

Application: Serv-U

Affected Versions: All versions prior 4.2 (include

Vendor: RhinoSoft (



An internal memory buffer may be overrun while handling "site chmod" command
with a filename containg excessive data. This condition may be exploited by
attackers to ultimately execute instructions with the priviledges of the serv-u
process, typically administator or system.


While exectuing chmod on a nonexistent file, serv-u will call sprintf to
construct response string. And the code is like
sprintf(dst, "%s: No such file or directory.", filename);

The length of dst buffer is only 256 bytes.If a long filename was sent,
serv-u will crash.

A writable directory is needed to exploit this vulerablity.By overwriting SEH,
we have created proof-of-concept exploit successfully on win2k/xp.


Upgrade to servu 5.0.


kkqq <> has indenpendently discovered this vulerablity.
All members of SST (
lgx and eyas.
Rob Beckers for indentifing and fixing this vulerablity.

About SST:

Do we really exist?