Local privilege escalation vulnerability in Serv-U FTP Server

Updated April 25, 2017 

Overview

This article describes the local privilege escalation vulnerability in Serv-U FTP Server.

 

Environment

All Serv-U versions

Detail

The default LocalAdministrator account in Serv-U allows a local computer user to escalate their privileges on the target computer. The LocalAdministrator account is the default account used by the Serv-U Administration program to administer the FTP server. It uses a default user name and password to perform actions. The account is only accessible from the loopback IP address of the computer. This means that it can only be used when connecting to Serv-U from the same machine it is installed on.

Because the LocalAdministrator account works only from the loopback IP address, anyone who tries to exploit this account must have full access to the server computer. The published code that demonstrates the "exploit" emulates the native behavior of the Serv-U Administrator program. Since the "exploit" assumes physical access to the server machine, it suggests copying the ServUAdmin.exe file to the machine and executing it. Because the LocalAdministrator account works only from the local system, it is impossible to use it to compromise the software or the machine from a remote location. The "exploit" can be used only by a user who has complete local access to the server computer.

Older versions of Serv-U allowed customization of the LocalAdministrator account. However, since this information must be stored locally, it offered little additional security (assuming physical access to the server computer) and only confused system administrators.

 

 

 
