VYPR
Unrated severity · NVD Advisory · Published Jun 17, 2019 · Updated Aug 4, 2024

CVE-2019-12181

Description

A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Privilege escalation via command injection in Serv-U FTP Server before 15.1.7 on Linux allows local attackers to gain root.

Vulnerability

SolarWinds Serv-U FTP Server before version 15.1.7 for Linux contains a privilege escalation vulnerability. The serv-u binary is installed as a SUID executable owned by root, allowing local users to execute it with elevated privileges. The vulnerability is a command injection in the prepareinstallation function, where user-controlled parameters are not properly sanitized before being passed to execve() [1].

Exploitation

An attacker with local access to the system can exploit this by executing the serv-u binary with a crafted argument to the prepareinstallation command. The attacker does not need any special permissions beyond the ability to run binaries. The exploit triggers the injection of additional commands that are executed with root privileges due to the SUID bit [1].

Impact

Successful exploitation grants the attacker root-level access to the system. The attacker can execute arbitrary commands as root, leading to full compromise of the host. This includes the ability to read, modify, or delete any files, install malware, or pivot to other systems [1].

Mitigation

The vulnerability is fixed in Serv-U version 15.1.7. Users should upgrade to this version or later. As a workaround, the SUID bit can be removed from the serv-u binary, but this may affect functionality. No known KEV listing exists [1].
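
The version check and SUID workaround described above, as an added example (not SolarWinds' code and not taken from the advisory's references): a POSIX shell audit that reports whether a host is still exposed. The binary path and installed version are passed in by the operator and are assumptions, since the advisory states neither.

```shell
#!/bin/sh
# Added example: local audit for the conditions described in this advisory.
# Assumptions: the caller supplies the path to the serv-u binary and the
# installed version string; neither is taken from the advisory.

FIXED_VERSION="15.1.7"   # first fixed release according to the advisory

# version_lt A B: succeed when dotted numeric version A is strictly older than B.
version_lt() {
    [ "$1" != "$2" ] || return 1
    vl_first=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$vl_first" = "$1" ]
}

# has_suid FILE: succeed when FILE is a regular file with the set-user-ID bit.
has_suid() { [ -f "$1" ] && [ -u "$1" ]; }

# owned_by_root FILE: succeed when FILE's owner is uid 0.
owned_by_root() { [ -n "$(find "$1" -prune -user 0 2>/dev/null)" ]; }

# audit_servu FILE VERSION
#   returns 0: version is at or above the fixed release
#   returns 1: older version and the binary is SUID root (exposed)
#   returns 2: older version, SUID bit absent (workaround applied; still upgrade)
audit_servu() {
    if ! version_lt "$2" "$FIXED_VERSION"; then
        echo "OK: version $2 >= $FIXED_VERSION"
        return 0
    fi
    if has_suid "$1" && owned_by_root "$1"; then
        echo "EXPOSED: $1 is SUID root and version $2 < $FIXED_VERSION"
        echo "Upgrade, or as a stopgap: chmod u-s $1 (may affect functionality)"
        return 1
    fi
    echo "UPGRADE: version $2 < $FIXED_VERSION (SUID root bit not set on $1)"
    return 2
}

# Usage: sh audit.sh /path/to/serv-u 15.1.6   (both arguments are placeholders)
if [ "$#" -eq 2 ]; then
    audit_servu "$1" "$2"
fi
```

The exit code makes the script usable from configuration management or a fleet-wide compliance job: 1 marks hosts that need immediate attention, 2 marks hosts where only the workaround is in place.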

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
