[33968] in bugtraq
RE: Serv-U "MDTM" buffer overflow PoC DoS exploit
daemon@ATHENA.MIT.EDU (Peter Buijsman)
Thu Feb 26 17:01:23 2004
Date: Thu, 26 Feb 2004 20:12:28 +0100
Message-ID: <F629DD152EA9674CAB166BCFA8BDBE0BA9B9@matrix.local>
From: "Peter Buijsman" <peter@bryte.net>
To: <bugtraq@securityfocus.com>
> Here it is, test your systems, temporarily disable Serv-U,
> and wait for the vendor to release a patch.
Serv-U released a security patch yesterday. An e-mail has been sent out
to registered users. It fixes the MDTM problem and some other small bugs.
"Serv-U 5.0.0.4 has been released. This is a point-release of 5.0 that
fixes a number of bugs. We highly recommend upgrading to 5.0.0.4, in
particular for the following reasons:
* A bug in SQL statements used by ODBC domains has been fixed.
* Added automatic connection retry in case of ODBC connectivity failure.
* A bug causing Secure-FTP transfers to fail has been fixed.
* A bug in the MDTM command that could cause server crashes has been
fixed.
You can download 5.0.0.4 from the following location:
http://www.Serv-U.com/dn.asp
Running the setup program should upgrade your existing installation of
Serv-U. We don't expect any problems, but to be on the safe side
please make a backup of your Serv-U directory prior to installing the
new release."
Thanks,
Peter