Cat Soft Serv-U FTP Server Default Administration Account Vulnerability 1.1
 
Plugin ID: 235
Plugin name: Cat Soft Serv-U FTP Server Default Administration Account Vulnerability
Plugin filename: RhinoSoft Serv-U FTP Server Default Administration Account Vulnerability.plugin
Plugin filesize: 3183 bytes
Plugin family: FTP
Plugin created name: Nico 'Triplex' Spicher
Plugin created email: Triplex at IT-Helpnet dot de
Plugin created web: http://triplex.it-helpnet.de
Plugin created company: http://www.it-helpnet.de
Plugin created date: 2004/09/13
Plugin updated name: Nico 'Triplex' Spicher
Plugin updated email: Triplex at IT-Helpnet dot de
Plugin updated web: http://triplex.it-helpnet.de
Plugin updated company: http://www.it-helpnet.de
Plugin updated date: 2004/11/13
Plugin version: 1.1
Plugin changelog: Corrected the plugin structure and added the accuracy values in 1.1
Plugin protocol: tcp
Plugin port: 21
Plugin procedure detection: open|sleep|send USER LocalAdministrator\n|sleep|send PASS #l@$ak#.lk;0@P\n|send list\n|sleep|close|pattern_exists 150
Plugin detection accuracy: 98
Plugin comment: This plugin was written with the ATK-Plugin-Creator [http://triplex.it-helpnet.de].
Bug published name: aT4r ins4n3
Bug published email: at4r@ciberdreams.com
Bug published date: 2004/08/08
Bug advisory: http://securityfocus.com/bid/10886/info/
Bug affected: Cat Soft Serv-U FTP Server 3.0 to 5.2
Bug vulnerability class: Configuration
Bug description: The RhinoSoft Serv-U FTP server is reported to ship with a default administration account that is used to authenticate to the site maintenance interface. This weak account can be used to log in to the site maintenance interface (on the loopback interface only) and to create user accounts.
Bug solution: If the FTP server is not needed, uninstall or deactivate it. Otherwise install the newest patch or bugfix, or upgrade to the latest software version, which is no longer vulnerable. Additionally, restrict unwanted connections and communication with a firewall.
Bug fixing time: Approx. 20 minutes
Bug exploit availability: Yes
Bug exploit url: http://downloads.securityfocus.com/vulnerabilities/exploits/servulocal.c
Bug remote: No
Bug local: Yes
Bug severity: Medium
Bug popularity: 2
Bug simplicity: 5
Bug impact: 8
Bug risk: 1
Source SecurityFocus BID: 10886
Source Literature: Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X
Source Misc.: http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.