CVE-2009-4006

RhinoSoft Serv-U <9.1.0.0 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-4006. PoCs published by Metasploit, including Metasploit module exploits/windows/http/servu_session_cookie.

AI-analyzed exploit summary This is a Metasploit module exploiting a buffer overflow in Rhinosoft Serv-U 9.0.0.5 via a maliciously crafted session cookie in a POST request. It includes SEH-based exploitation for Windows 2000/XP and NX bypass techniques for Windows 2003 SP2.

Description

Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16775

This is a Metasploit module exploiting a buffer overflow in Rhinosoft Serv-U 9.0.0.5 via a maliciously crafted session cookie in a POST request. It includes SEH-based exploitation for Windows 2000/XP and NX bypass techniques for Windows 2003 SP2.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Rhinosoft Serv-U 9.0.0.5
No auth needed
Prerequisites: Network access to the Serv-U web interface (port 80)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/servu_session_cookie.rb

This Metasploit module exploits a buffer overflow in Rhinosoft Serv-U 9.0.0.5 by sending a crafted POST request with an overly long session cookie, leading to arbitrary code execution. It includes SEH and NX bypass techniques for different Windows targets.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Rhinosoft Serv-U 9.0.0.5
No auth needed
Prerequisites: Network access to the target server · Serv-U 9.0.0.5 running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3277
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54322
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/60427
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1023199
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507955/100/0/threaded
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2009-46/
Various Sources x_refsource_misc
http://www.serv-u.com/releasenotes/
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37228
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37051

Scores

EPSS 0.8293
EPSS Percentile 99.6%

Details

CWE
CWE-119
Status published
Products (28)
solarwinds/serv-u_file_server 7.0.0.1
solarwinds/serv-u_file_server 7.0.0.2
solarwinds/serv-u_file_server 7.0.0.3
solarwinds/serv-u_file_server 7.0.0.4
solarwinds/serv-u_file_server 7.1.0.0
solarwinds/serv-u_file_server 7.1.0.1
solarwinds/serv-u_file_server 7.1.0.2
solarwinds/serv-u_file_server 7.2.0.0
solarwinds/serv-u_file_server 7.2.0.1
solarwinds/serv-u_file_server 7.3.0.0
... and 18 more
Published Nov 20, 2009
Tracked Since Feb 18, 2026