GEN:SID 1:2546
Message FTP MDTM overflow attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in the Serv-U FTP server, namely the MDTM buffer overflow.
Impact Serious. Denial of service is possible; when combined with shellcode,
arbitrary code can be remotely executed with SYSTEM privileges.
Detailed Information The vulnerability in question is a buffer overflow present in the handling
of the MDTM command in the RhinoSoft Serv-U FTP server for Windows.

The rule searches for an MDTM command which is not terminated within 100
characters; no valid command would be longer than this.
Affected Systems All versions of RhinoSoft Serv-U FTP 4.2 and earlier.
Attack Scenarios Several scripts exist to exploit this flaw, and shellcode is publicly available.
An attacker could either use one of these scripts, craft their own, or simply
manually enter an MDTM command which triggers the overflow after having logged
into a vulnerable server.
Ease of Attack Simple. Exploit code exists.
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References  
Rule References bugtraq: 9751
cve: 2001-1021
cve: 2004-0330
nessus: 12080