Local privilege escalation vulnerability in Serv-U FTP Server

Updated April 25, 2017 

Overview

This article describes the local privilege escalation vulnerability in Serv-U FTP Server.

 

Environment

All Serv-U versions

Detail

The default LocalAdministrator account in Serv-U allows a local computer user to escalate their privileges on the target computer. The LocalAdministrator account is the default account used by the Serv-U Administration program to administer the FTP server. It uses a default user name and password to perform actions. The account is only accessible from the loopback IP address of the computer. This means that it can only be used when connecting to Serv-U from the same machine it is installed on.

Because the LocalAdministrator account only works from the loopback IP address, anyone who tries to exploit this account must have full access to the server computer. The published code that demonstrates the "exploit" emulates the native behavior of the Serv-U Administrator program. Since physical access to the server machine is assumed by the "exploit", it suggests copying the ServUAdmin.exe file to the machine and executing it. Because LocalAdministrator only works from the local system, it is impossible for this to be used to compromise the software or the machine from a remote location. The "exploit" can only be used by a user who has complete local access to the server computer.
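The loopback-only restriction described above can be checked against session records. The following is an added example, not SolarWinds code or part of the original article: the record layout, field names and sample lines are constructed, and only the account name comes from the article.

```python
import ipaddress

ACCOUNT = "LocalAdministrator"  # account name taken from the article

# Constructed sample records in a hypothetical "<time> user=<name> src=<ip>"
# layout. This is NOT Serv-U's real log format; adapt parse_record() to yours.
SAMPLE_LOG = """\
2017-04-24T23:50:01 user=LocalAdministrator src=127.0.0.1
2017-04-24T23:51:12 user=LocalAdministrator src=::1
2017-04-24T23:52:40 user=LocalAdministrator src=::ffff:127.0.0.1
2017-04-24T23:53:05 user=alice src=203.0.113.7
2017-04-24T23:54:30 user=LocalAdministrator src=192.0.2.15
2017-04-24T23:55:02 user=LocalAdministrator src=not-an-ip
"""


def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped IPv6 loopback addresses."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # an unparseable source is never trusted as loopback
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:127.0.0.1 -> 127.0.0.1
    if mapped is not None:
        ip = mapped
    return ip.is_loopback


def parse_record(line):
    """Return (timestamp, user, src), or None if the line is malformed."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not parts or "user" not in fields or "src" not in fields:
        return None
    return parts[0], fields["user"], fields["src"]


def find_violations(log_text):
    """List (timestamp, src) for ACCOUNT sessions from a non-loopback source."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        ts, user, src = rec
        # Case-insensitive match is an assumption, so name variants are not missed.
        if user.casefold() == ACCOUNT.casefold() and not is_loopback(src):
            hits.append((ts, src))
    return hits


if __name__ == "__main__":
    for ts, src in find_violations(SAMPLE_LOG):
        print(f"ALERT {ts}: {ACCOUNT} session from non-loopback source {src}")
```

Any hit means the account was reached from somewhere other than the local machine, which contradicts the restriction the article describes and warrants investigation.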

Older versions of Serv-U allowed customization of the LocalAdministrator account. However, since this information must be stored locally, it offered little additional security (assuming that there is physical access to the server computer) and only confused system administrators.

 

 

 

Last modified
23:57, 24 Apr 2017
