Check Point Advisories

Preemptive Protection against Rhino Software Serv-U Web Client HTTP Request Remote Buffer Overflow

Check Point Reference: CPAI-2009-245
Date Published: 10 Nov 2009
Severity: Critical
Last Updated: Thursday 01 January, 2009
Source: Bugtraq ID: 36895
Industry Reference: N/A
Protection Provided by:
Who is Vulnerable? Rhino Software Serv-U 9.0.0.5 and prior
Vulnerability Description: A vulnerability has been reported in Rhino Software Serv-U. The vulnerability is due to a buffer overflow that can occur when the Web Client handles HTTP requests containing overly large cookie session values. Remote attackers could exploit this vulnerability by sending a malicious HTTP request to a vulnerable version of the application. Successful exploitation of this vulnerability would result in arbitrary code injection and execution.
Update/Patch Available: No patch or new release that addresses this vulnerability has been released by the vendor, Rhino Software.
Vulnerability Details: If code execution is not successful, the affected application may terminate abnormally.

Protection Overview
