Plugin ID | 235 |
Plugin name | Cat Soft Serv-U FTP Server Default Administration Account Vulnerability |
Plugin filename | RhinoSoft Serv-U FTP Server Default Administration Account Vulnerability.plugin |
Plugin filesize | 3183 bytes |
Plugin family | FTP |
Plugin created name | Nico 'Triplex' Spicher |
Plugin created email | Triplex at IT-Helpnet dot de |
Plugin created web | http://triplex.it-helpnet.de |
Plugin created company | http://www.it-helpnet.de |
Plugin created date | 2004/09/13 |
Plugin updated name | Nico 'Triplex' Spicher |
Plugin updated email | Triplex at IT-Helpnet dot de |
Plugin updated web | http://triplex.it-helpnet.de |
Plugin updated company | http://www.it-helpnet.de |
Plugin updated date | 2004/11/13 |
Plugin version | 1.1 |
Plugin changelog | Corrected the plugin structure and added the accuracy values in 1.1 |
Plugin protocol | tcp |
Plugin port | 21 |
Plugin procedure detection | open|sleep|send USER LocalAdministrator\n|sleep|send PASS #l@$ak#.lk;0@P\n|send list\n|sleep|close|pattern_exists 150 |
Plugin detection accuracy | 98 |
Plugin comment | This plugin was written with the ATK-Plugin-Creator [http://triplex.it-helpnet.de]. |
Bug published name | aT4r ins4n3 |
Bug published email | at4r@ciberdreams.com |
Bug published date | 2004/08/08 |
Bug advisory | http://securityfocus.com/bid/10886/info/ |
Bug affected | Cat Soft Serv-U FTP Server 3.0 to 5.2 |
Bug vulnerability class | Configuration |
Bug description | The RhinoSoft Serv-U FTP server is reported to ship with a default administration account that is used to authenticate to the site maintenance interface. The account is only accepted on the loopback interface, but a local user can log into the site maintenance interface with it and create further user accounts. |
Bug solution | If the FTP server is not needed, uninstall or disable it. Otherwise install the newest patch or bugfix, or upgrade to the latest software version, which is no longer vulnerable. Additionally, restrict unwanted connections and communication with firewall rules. |
Bug fixing time | Approx. 20 minutes |
Bug exploit availability | Yes |
Bug exploit url | http://downloads.securityfocus.com/vulnerabilities/exploits/servulocal.c |
Bug remote | No |
Bug local | Yes |
Bug severity | Medium |
Bug popularity | 2 |
Bug simplicity | 5 |
Bug impact | 8 |
Bug risk | 1 |
Source SecurityFocus BID | 10886 |
Source Literature | Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X |
Source Misc. | http://www.computec.ch |