• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RhinoSoft Serv-U FTP Server Default Administration Account Vulnerability

It is reported that the RhinoSoft Serv-U FTP server has a default administration account that is used to authenticate to the site maintenance interface.

The weak account can be used to log into the site maintenance interface on the loopback interface only, and to create user accounts. An ftp user account created with execute rights, may permit a local attacker to execute arbitrary binaries in the context of the vulnerable server.