I currently have an FTP server that's running on WinXP Pro w/ Serv-U Corporate Edition FTP Server software. I like Serv-U a lot and think it's great. I am also thinking of dabbling in the Linux world again (did it freshman year of college ~ 7 years ago).

These products create virtual disks from the server’s system memory (RAM). Although in many respects a virtual disk behaves like a physical hard disk, in one key area it does not: it is much, much faster, up to 50x faster or more.
Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a '..:/' (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands.

Publish Date: 2011-12-13. Last Update Date: 2012-03-05.
- CVSS Scores & Vulnerability Types

| Metric | Value |
|---|---|
| CVSS Score | |
| Confidentiality Impact | Complete (There is total information disclosure, resulting in all system files being revealed.) |
| Integrity Impact | Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) |
| Availability Impact | Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) |
| Access Complexity | Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.) |
| Authentication | Single system (The vulnerability requires an attacker to be logged into the system, such as at a command line or via a desktop session or web interface.) |
| Gained Access | None |
| Vulnerability Type(s) | Directory traversal |
| CWE ID | 22 |
- Products Affected By CVE-2011-4800

| # | Product Type | Vendor | Product | Version |
|---|---|---|---|---|
| 1 | Application | Serv-u | Serv-u | 3.0.0.16 |
| 2 | Application | Serv-u | Serv-u | 3.0.0.17 |
| 3 | Application | Serv-u | Serv-u | 3.1.0.0 |
| 4 | Application | Serv-u | Serv-u | 3.1.0.1 |
| 5 | Application | Serv-u | Serv-u | 3.1.0.3 |
| 6 | Application | Serv-u | Serv-u | 4.0.0.4 |
| 7 | Application | Serv-u | Serv-u | 4.1.0.0 |
| 8 | Application | Serv-u | Serv-u | 4.1.0.3 |
| 9 | Application | Serv-u | Serv-u | 5.0.0.0 |
| 10 | Application | Serv-u | Serv-u | 5.0.0.4 |
| 11 | Application | Serv-u | Serv-u | 5.0.0.9 |
| 12 | Application | Serv-u | Serv-u | 5.0.0.11 |
| 13 | Application | Serv-u | Serv-u | 5.1.0.0 |
| 14 | Application | Serv-u | Serv-u | 5.2.0.0 |
| 15 | Application | Serv-u | Serv-u | 5.2.0.1 |
| 16 | Application | Serv-u | Serv-u | 6.0.0.0 |
| 17 | Application | Serv-u | Serv-u | 6.0.0.1 |
| 18 | Application | Serv-u | Serv-u | 6.0.0.2 |
| 19 | Application | Serv-u | Serv-u | 6.1.0.0 |
| 20 | Application | Serv-u | Serv-u | 6.1.0.1 |
| 21 | Application | Serv-u | Serv-u | 6.1.0.4 |
| 22 | Application | Serv-u | Serv-u | 6.1.0.5 |
| 23 | Application | Serv-u | Serv-u | 6.2.0.0 |
| 24 | Application | Serv-u | Serv-u | 6.2.0.1 |
| 25 | Application | Serv-u | Serv-u | 6.3.0.0 |
| 26 | Application | Serv-u | Serv-u | 6.3.0.1 |
| 27 | Application | Serv-u | Serv-u | 6.4.0.0 |
| 28 | Application | Serv-u | Serv-u | 6.4.0.1 |
| 29 | Application | Serv-u | Serv-u | 6.4.0.2 |
| 30 | Application | Serv-u | Serv-u | 6.4.0.3 |
| 31 | Application | Serv-u | Serv-u | 6.4.0.4 |
| 32 | Application | Serv-u | Serv-u | 6.4.0.5 |
| 33 | Application | Serv-u | Serv-u | 6.4.0.6 |
| 34 | Application | Serv-u | Serv-u | 7.0.0.1 |
| 35 | Application | Serv-u | Serv-u | 7.0.0.2 |
| 36 | Application | Serv-u | Serv-u | 7.0.0.3 |
| 37 | Application | Serv-u | Serv-u | 7.0.0.4 |
| 38 | Application | Serv-u | Serv-u | 7.1.0.0 |
| 39 | Application | Serv-u | Serv-u | 7.1.0.1 |
| 40 | Application | Serv-u | Serv-u | 7.1.0.2 |
| 41 | Application | Serv-u | Serv-u | 7.2.0.0 |
| 42 | Application | Serv-u | Serv-u | 7.2.0.1 |
| 43 | Application | Serv-u | Serv-u | 7.3.0.0 |
| 44 | Application | Serv-u | Serv-u | 7.3.0.1 |
| 45 | Application | Serv-u | Serv-u | 7.3.0.2 |
| 46 | Application | Serv-u | Serv-u | 7.4.0.0 |
| 47 | Application | Serv-u | Serv-u | 7.4.0.1 |
| 48 | Application | Serv-u | Serv-u | 8.0.0.1 |
| 49 | Application | Serv-u | Serv-u | 8.0.0.2 |
| 50 | Application | Serv-u | Serv-u | 8.0.0.4 |
| 51 | Application | Serv-u | Serv-u | 8.0.0.5 |
| 52 | Application | Serv-u | Serv-u | 8.0.0.7 |
| 53 | Application | Serv-u | Serv-u | 8.1.0.1 |
| 54 | Application | Serv-u | Serv-u | 8.1.0.3 |
| 55 | Application | Serv-u | Serv-u | 8.2.0.0 |
| 56 | Application | Serv-u | Serv-u | 8.2.0.1 |
| 57 | Application | Serv-u | Serv-u | 8.2.0.3 |
| 58 | Application | Serv-u | Serv-u | 9.0.0.1 |
| 59 | Application | Serv-u | Serv-u | 9.0.0.3 |
| 60 | Application | Serv-u | Serv-u | 9.0.0.5 |
| 61 | Application | Serv-u | Serv-u | 9.1.0.0 |
| 62 | Application | Serv-u | Serv-u | 9.1.0.2 |
| 63 | Application | Serv-u | Serv-u | 9.2.0.1 |
| 64 | Application | Serv-u | Serv-u | 9.3.0.1 |
| 65 | Application | Serv-u | Serv-u | 9.4.0.0 |
| 66 | Application | Serv-u | Serv-u | 9.4.0.2 |
| 67 | Application | Serv-u | Serv-u | 10.0.0.2 |
| 68 | Application | Serv-u | Serv-u | 10.0.0.3 |
| 69 | Application | Serv-u | Serv-u | 10.0.0.5 |
| 70 | Application | Serv-u | Serv-u | 10.0.0.7 |
| 71 | Application | Serv-u | Serv-u | 10.1.0.0 |
| 72 | Application | Serv-u | Serv-u | 10.1.0.1 |
| 73 | Application | Serv-u | Serv-u | 10.2.0.0 |
| 74 | Application | Serv-u | Serv-u | 10.2.0.2 |
| 75 | Application | Serv-u | Serv-u | 10.3.0.1 |
| 76 | Application | Serv-u | Serv-u | 10.4.0.0 |
| 77 | Application | Serv-u | Serv-u | 10.5.0.4 |
| 78 | Application | Serv-u | Serv-u | 10.5.0.6 |
| 79 | Application | Serv-u | Serv-u | 10.5.0.11 |
| 80 | Application | Serv-u | Serv-u | 10.5.0.14 |
| 81 | Application | Serv-u | Serv-u | 10.5.0.16 |
| 82 | Application | Serv-u | Serv-u | 10.5.0.19 |
| 83 | Application | Serv-u | Serv-u | 10.5.0.21 |
| 84 | Application | Serv-u | Serv-u | 10.5.0.24 |
| 85 | Application | Serv-u | Serv-u | 11.0.0.0 |
| 86 | Application | Serv-u | Serv-u | 11.0.0.2 |
| 87 | Application | Serv-u | Serv-u | 11.0.0.4 |
| 88 | Application | Serv-u | Serv-u | 11.1.0.3 |
| 89 | Application | Serv-u | Serv-u | 11.1.0.5 |
- Number Of Affected Versions By Product

| Vendor | Product | Vulnerable Versions |
|---|---|---|
| Serv-u | Serv-u | 89 |
- References For CVE-2011-4800

| URL | Source and note |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html | FULLDISC 20111130 Serv-U Remote |
| http://secunia.com/advisories/47021 | SECUNIA 47021 |
| http://www.exploit-db.com/exploits/18182 | EXPLOIT-DB 18182 Serv-U FTP Jail Break. Author: kingcope. Release Date: 2011-12-01. (windows) remote |
| http://www.serv-u.com/releasenotes/ | CONFIRM |
- Metasploit Modules Related To CVE-2011-4800

There are not any Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).
Serv-U File Server 15.0.1.20
Serv-U is a powerful, easy-to-use, award-winning FTP server created by Rob Beckers. An FTP server uses the FTP protocol to share files across the Internet. Serv-U is not only 100% compliant with the current FTP standard, but also includes numerous features unique to Serv-U that make it a perfect file sharing solution for virtually everyone. Serv-U features an open architecture that makes it very easy to extend, monitor, and change the server behavior with external DLLs. Regardless of the purpose behind your FTP server, everyone will benefit from the numerous security features Serv-U incorporates.
Flexible FTP server (or daemon) for all 32-bit versions of MS-Windows (Windows 2000 (Advanced) Server, 2000 Professional, Windows XP Home / Professional, Windows Server 2003, Windows Vista). It turns any PC with a network connection into an FTP site on the Internet. Serv-U makes a vast array of features available to the user that ensure the administrator has full control over their FTP server.
Serv-U offers the following:

- Easy to set up and use.
- A Windows standard, with over 50000 registered users!
- Support for Secure-FTP through SSL/TLS.
- Support for ODBC databases for accounts.
- Lots of security through passwords, read/write/append/modify rights per directory or file for each user (including Anonymous), and access restrictions based on IP address.
- Fast and rock solid!
- Multiple 'virtual' FTP servers can be set up on a single instance of Serv-U.
- Server can be administered remotely.
- Supports S/KEY one-time passwords.
- Support for temporary accounts that are automatically deleted upon expiration.
- Support for UL/DL ratios, disk quota limitations, network bandwidth limiting, and automatic anti-anti-time-out plus anti-hammering measures.
- Full UNC path support.
- Support for virtual paths. Directories or drives can be mapped to any location in a user's directory structure.
- Support for 'links' such as those used in UNIX.
- Full support for all 'ls' directory listing options.
- Support for messages to users, or from users to the server.
- Users can be put into groups for easy maintenance of large numbers.
- A complete implementation of the FTP standard in RFC959, RFC1123, RFC1760, RFC2228, RFC2246, RFC2289, RFC2389 and the Secure-FTP draft.
- Supports resuming of file uploads and downloads.
- Configurable messages for sign-on, sign-off, login, and directory changes.
- Has time-out and time-limit features, so connections are automatically cleared when idle, hung, or connected too long.
- Easy to set up and maintain through a separate administrator program. For automated maintenance the settings are stored in either an .INI file, registry, or ODBC database of simple format.
- Has an open architecture which makes monitoring, changing and extending the server behavior possible through external DLLs.
- Logs all transactions to file and screen that can be read by other applications. Includes unique session IDs, time, and date stamps.
Serv-U Corporate addresses the need for a business-class FTP server with no limitations and the ability to grow with your business. With this in mind, Serv-U Corporate allows the following:

- ODBC database support
- Integrated SSL support
- Unlimited domains with an unlimited number of concurrent connections
- Unlimited number of user accounts
- Support for directory mapping and links
- Support of UL/DL ratios and quotas
- Support for remote administration
- Windows User NT-SAM / Active Directory support