RhinoSoft Serv-U FTPS Server Command Channel SSL Negotiation Security Restriction Bypass Vulnerability

Release date: 2011-12-01
Updated: 2011-12-02

Affected systems:
RhinoSoft Serv-U 9.4.0.0
RhinoSoft Serv-U 9.3.0.1
RhinoSoft Serv-U 9.2.0.1
RhinoSoft Serv-U 9.1.0.4
RhinoSoft Serv-U 9.1.0.2
RhinoSoft Serv-U 9.1.0.0
RhinoSoft Serv-U 9.0.0.1
RhinoSoft Serv-U 9.0 .5
RhinoSoft Serv-U 8.3.0.23
RhinoSoft Serv-U 8.3.0.2
RhinoSoft Serv-U 8.3.0.1
RhinoSoft Serv-U 8.3.0.0
RhinoSoft Serv-U 8.2.0.3
RhinoSoft Serv-U 8.2.0.0
RhinoSoft Serv-U 8.1.0.0
RhinoSoft Serv-U 8.0.0.0
RhinoSoft Serv-U 7.9.0.0
RhinoSoft Serv-U 7.8.0.0
RhinoSoft Serv-U 7.7.0.0
RhinoSoft Serv-U 7.6.0.0
RhinoSoft Serv-U 7.5.0.0
RhinoSoft Serv-U 7.4.0.1
RhinoSoft Serv-U 7.4.0.0
RhinoSoft Serv-U 7.4 0
RhinoSoft Serv-U 7.3.0.2
RhinoSoft Serv-U 7.3.0.0
RhinoSoft Serv-U 7.2.0.1
RhinoSoft Serv-U 7.2.0.0
RhinoSoft Serv-U 7.0.0.1
RhinoSoft Serv-U 6.1 .0.5
RhinoSoft Serv-U 6.1 .0.4
RhinoSoft Serv-U 6.1 .0.1
RhinoSoft Serv-U 6.1 .0.0
RhinoSoft Serv-U 6.0 .0.2
RhinoSoft Serv-U 6.0 .0.1
RhinoSoft Serv-U 6.0
RhinoSoft Serv-U 5.2 .0.1
RhinoSoft Serv-U 5.2 .0.0
RhinoSoft Serv-U 5.1 .0
RhinoSoft Serv-U 5.0 .0.9
RhinoSoft Serv-U 5.0 .0.6
RhinoSoft Serv-U 5.0 .0.4
RhinoSoft Serv-U 4.2
RhinoSoft Serv-U 4.1 .0.11
RhinoSoft Serv-U 4.1
RhinoSoft Serv-U 4.0 .0.4
RhinoSoft Serv-U 3.1
RhinoSoft Serv-U 3.0
RhinoSoft Serv-U 2.5
RhinoSoft Serv-U 11.0.0.2
RhinoSoft Serv-U 11.0.0.0
RhinoSoft Serv-U 10.5.0.24
RhinoSoft Serv-U 10.5
RhinoSoft Serv-U 10.3.0.1
RhinoSoft Serv-U 10.3.0.0
RhinoSoft Serv-U 10.2.0.2
RhinoSoft Serv-U 10.2.0.0
RhinoSoft Serv-U 10.1.0.1
RhinoSoft Serv-U 10.0.0.2
Unaffected systems:
RhinoSoft Serv-U 11.1.0.3
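Description:
BUGTRAQ ID: 50881

Serv-U FTP is an FTP server program.

The RhinoSoft Serv-U FTPS Server implementation contains a vulnerability: even when SSL negotiation on the command channel fails, the server leaves the command channel running, which can be exploited to perform man-in-the-middle attacks.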

<*Source: vendor

  Link: http://www.serv-u.com/releasenotes/archive/releasenotes11x.inc
*>
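Because the server side may keep the command channel open after a failed negotiation, an FTPS client should fail closed on its own. The following is an added example, not code from the vendor or from this advisory: a client-side login helper built on Python's standard `ftplib` that drops the connection if the AUTH TLS handshake on the command channel does not complete, so no credentials are ever sent in cleartext. The function and exception names are hypothetical; host, port and credentials are supplied by the caller.

```python
import ftplib
import ssl


class ControlChannelNotSecured(Exception):
    """TLS was not established on the FTP command channel."""


def login_fail_closed(host, port, user, password, context=None, timeout=10):
    """Explicit-FTPS login that never falls back to a cleartext command channel.

    Returns a logged-in ftplib.FTP_TLS object, or raises
    ControlChannelNotSecured after closing the socket.
    """
    # Default context verifies the server certificate and hostname.
    context = context or ssl.create_default_context()
    ftp = ftplib.FTP_TLS(context=context, timeout=timeout)
    ftp.connect(host, port)  # only the plaintext banner is exchanged here

    try:
        # Sends AUTH TLS, then performs the TLS handshake on the same socket.
        ftp.auth()
    except ftplib.all_errors as exc:
        # Handshake or AUTH failed: close instead of continuing on the
        # still-open plaintext channel, and do not retry without TLS.
        ftp.close()
        raise ControlChannelNotSecured(str(exc)) from exc

    # Defensive check: the command channel must now be a TLS socket.
    if not isinstance(ftp.sock, ssl.SSLSocket):
        ftp.close()
        raise ControlChannelNotSecured("command channel is not a TLS socket")

    ftp.login(user, password)  # USER/PASS travel inside TLS only
    ftp.prot_p()               # protect the data channel as well
    return ftp
```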

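Recommendation:
Workaround:

Update to version 11.1.0.3

Vendor patch:

RhinoSoft
---------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:

http://www.serv-u.com/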

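This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.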