
SolarWinds Serv-U Vulnerability Allows Attackers to Access Sensitive Files


SolarWinds recently issued a security advisory to address a Directory Traversal vulnerability within its Serv-U File Transfer solution. This vulnerability, identified as CVE-2024-28995 with a severity rating of 8.6 (High), enabled threat actors to access sensitive files on the host machine.

The affected products included various SolarWinds Serv-U products on both Windows and Linux platforms. The company resolved the issue in the latest version, SolarWinds Serv-U 15.4.2 HF 2, and strongly advised users to upgrade to it to mitigate any potential risks.

Reports shared with Cyber Security News indicated that this vulnerability impacted Serv-U FTP Server 15.4, Serv-U Gateway 15.4, and Serv-U MFT Server 15.4. Serv-U is a C++-based application, and most of its code resides in the Serv-U.dll binary. Further examination of the binary showed that a function called sub_18016DC30 had been altered.

The modified function processed file paths with additional security checks that specifically sanitized the double-dot path segment (\..\). Most of the function's use cases involved two HTTP request parameters, InternalDir and InternalFile, whose values were both handled by the vulnerable function.

Injecting a directory traversal payload into these parameters on a vulnerable Serv-U version triggered the directory traversal vulnerability. The flaw could be used to access arbitrary files on the target server, potentially leading to the exposure of sensitive information.
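For defenders reviewing logs, the following added example (not code from SolarWinds or from the original article) flags requests whose InternalDir or InternalFile value contains a `..` path segment. It assumes an access log in Common Log Format that records the query string, for instance from a reverse proxy in front of Serv-U; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names come from the article; compared case-insensitively.
WATCHED = {"internaldir", "internalfile"}
# Request line of a Common Log Format entry (assumed log layout).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def has_dotdot_segment(value: str) -> bool:
    """True if a whole path segment equals '..', using / or \\ as separator."""
    for _ in range(3):  # bounded extra decoding catches double-encoded input
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return ".." in re.split(r"[\\/]+", value)

def suspicious_params(log_line: str) -> list[str]:
    """Names of watched query parameters whose value has a '..' segment."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    # parse_qsl already percent-decodes each value once.
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if name.lower() in WATCHED and has_dotdot_segment(value)]

def scan(lines):
    """Return (line_number, parameter_names) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        names = suspicious_params(line)
        if names:
            hits.append((number, names))
    return hits

# Constructed sample lines, not real traffic (documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2024:10:00:01 +0000] "GET /?InternalDir=%5C..%5C..%5Cexample&InternalFile=placeholder.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jul/2024:10:00:05 +0000] "GET /?InternalDir=/reports/2024&InternalFile=summary..v2.pdf HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jul/2024:10:00:09 +0000] "GET /?internaldir=%252e%252e%2Fexample&InternalFile=..%2Fplaceholder.txt HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jul/2024:10:00:12 +0000] "GET /login?user=alice HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: '..' segment in {', '.join(names)}")
```

Matching on whole path segments rather than the substring `..` keeps a file name such as `summary..v2.pdf` from raising a false alert, while the bounded re-decoding still catches double-encoded separators and dots.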

When Serv-U is installed on a Windows machine, critical system data is stored in the directory C:\ProgramData\RhinoSoft\Serv-U\. Notably, the Serv-U-StartupLog.txt file within that system data folder contains application logging information, including the version number of the target Serv-U server.

On a Linux platform, the vulnerability can likewise be used to gain unauthorized access to sensitive files. To address this issue, SolarWinds recommends that users upgrade to the latest version or apply the 15.4.2 Hotfix 2 as a remediation measure.

The broader implications of this vulnerability underscore the importance of timely software updates and patch management practices to safeguard critical infrastructure and sensitive data. Security advisories such as these serve as essential tools in the ongoing battle against cyber threats, highlighting the need for constant vigilance and proactive cybersecurity measures.

In conclusion, the timely identification and resolution of vulnerabilities like the one in SolarWinds Serv-U are crucial steps in maintaining the integrity and security of digital environments. By staying informed and implementing recommended security measures, organizations can effectively mitigate risks and protect their assets from malicious actors in an ever-evolving threat landscape.
