Local privilege escalation vulnerability in Serv-U FTP Server

Updated April 25, 2017 

Overview

This article describes the local privilege escalation vulnerability in Serv-U FTP Server.

Environment

All Serv-U versions

Detail

The default LocalAdministrator account in Serv-U allows a local computer user to escalate their privileges on the target computer. The LocalAdministrator account is the default account used by the Serv-U Administration program to administer the FTP server. It uses a default user name and password to perform actions. The account is only accessible from the loopback IP address of the computer. This means that it can only be used when connecting to Serv-U from the same machine it is installed on.

Because the LocalAdministrator account only works from the loopback IP address, anyone who tries to exploit this account must have full access to the server computer. The published code that demonstrates the "exploit" emulates the native behavior of the Serv-U Administrator program. Since the "exploit" assumes physical access to the server machine, it suggests copying the ServUAdmin.exe file to the machine and executing it. Because LocalAdministrator only works from the local system, it cannot be used to compromise the software or the machine from a remote location. The only way to use the "exploit" is for a user to have complete local access to the server computer.

Older versions of Serv-U allowed customization of the LocalAdministrator account. However, since this information must be stored locally, it offered little additional security (assuming that there is physical access to the server computer) and only confused system administrators.
