Security holes in Serv-U FTP server closed
Version 9.1.0.0 of the Serv-U FTP Server for Windows closes two critical vulnerabilities that allow an attacker to inject code into the system or restart it.
The problems are caused by buffer overflows in the web-based GUI when it processes specially crafted user cookies and when it decodes hexadecimal-encoded strings. The new version of the FTP server from RhinoSoft also fixes numerous other non-security-related bugs and incorporates many new features and improvements.
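Overflows of this kind arise when a decoder writes into a fixed-size buffer without first checking how long the decoded data will be. The following is an added illustration, not Serv-U's code: the function name `hex_decode`, its signature and the sample inputs are assumptions made here to show a hex decoder that validates the size before writing anything.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Map one hex digit to its value 0..15; return -1 for any other character. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Hypothetical helper: decode in_len hex characters from `in` into `out`,
 * which can hold out_cap bytes. Returns the number of bytes written, or -1
 * if the input has odd length, contains a non-hex character, or would not
 * fit. The capacity check runs before the first write, so attacker-chosen
 * input length can never push data past the end of `out`.
 */
long hex_decode(const char *in, size_t in_len, unsigned char *out, size_t out_cap)
{
    if (in == NULL || out == NULL) return -1;
    if (in_len % 2 != 0) return -1;          /* truncated final byte */
    if (in_len / 2 > out_cap) return -1;     /* decoded data too large */

    for (size_t i = 0; i < in_len; i += 2) {
        int hi = hex_val(in[i]);
        int lo = hex_val(in[i + 1]);
        if (hi < 0 || lo < 0) return -1;     /* reject instead of guessing */
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (long)(in_len / 2);
}

int main(void)
{
    unsigned char buf[4];
    /* Constructed sample inputs: one that fits, one that is too long. */
    const char *fits = "41424344";
    const char *too_long = "4142434445";

    printf("fits:     %ld\n", hex_decode(fits, strlen(fits), buf, sizeof buf));
    printf("too long: %ld\n", hex_decode(too_long, strlen(too_long), buf, sizeof buf));
    return 0;
}
```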
See also:
- Serv-U Release Notes
- RhinoSoft Serv-U Two Buffer Overflow Vulnerabilities, Secunia advisory.
(djwm)