Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
Software | From | Fixed in |
---|---|---|
solarwinds / serv-u_file_server | 7.0.0.1 | 7.0.0.1.x |
solarwinds / serv-u_file_server | 7.0.0.2 | 7.0.0.2.x |
solarwinds / serv-u_file_server | 7.0.0.3 | 7.0.0.3.x |
solarwinds / serv-u_file_server | 7.0.0.4 | 7.0.0.4.x |
solarwinds / serv-u_file_server | 7.1.0.0 | 7.1.0.0.x |
solarwinds / serv-u_file_server | 7.1.0.1 | 7.1.0.1.x |
solarwinds / serv-u_file_server | 7.1.0.2 | 7.1.0.2.x |
solarwinds / serv-u_file_server | 7.2.0.0 | 7.2.0.0.x |
solarwinds / serv-u_file_server | 7.2.0.1 | 7.2.0.1.x |
solarwinds / serv-u_file_server | 7.3.0.0 | 7.3.0.0.x |
solarwinds / serv-u_file_server | 7.3.0.1 | 7.3.0.1.x |
solarwinds / serv-u_file_server | 7.3.0.2 | 7.3.0.2.x |