module
Serv-U FTPD MDTM Overflow
| Disclosed | Created |
|---|---|
| 2004-02-26 | 2018-05-30 |
Disclosed
2004-02-26
Created
2018-05-30
Description
This is an exploit for the Serv-U\'s MDTM command timezone
overflow. It has been heavily tested against versions
4.0.0.4/4.1.0.0/4.1.0.3/5.0.0.0 with success against
nt4/2k/xp/2k3. I have also had success against version 3,
but only tested 1 version/os. The bug is in all versions
prior to 5.0.0.4, but this exploit will not work against
versions not listed above. You only get one shot, but it
should be OS/SP independent.
This exploit is a single hit, the service dies after the
shellcode finishes execution.
overflow. It has been heavily tested against versions
4.0.0.4/4.1.0.0/4.1.0.3/5.0.0.0 with success against
nt4/2k/xp/2k3. I have also had success against version 3,
but only tested 1 version/os. The bug is in all versions
prior to 5.0.0.4, but this exploit will not work against
versions not listed above. You only get one shot, but it
should be OS/SP independent.
This exploit is a single hit, the service dies after the
shellcode finishes execution.
Author
spoonm spoonm@no$email.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.