Cat Soft Serv-U Buffer Overflow Vulnerabilities

info
discussion
exploit
solution
references

Cat Soft Serv-U Buffer Overflow Vulnerabilities

The Serv-U FTP server versions 2.5 and earlier are vulnerable to multiple buffer overflows. This can result in a denial of service and at worst in arbitrary code being executed on the system.

The vulnerabilities are in the CWD and LS FTP commands if they are passed an argument a string longer than 155 characters.