Checking for cmd:[ -u /usr/local/Serv-U/Serv-U ] is not ideal, as the executable is setuid root for both the patched and unpatched versions.
Version detection isn't simple either, as the software isn't installed using a package manager. The version could be extracted from /usr/local/Serv-U/Serv-U-StartupLog.txt if the file exists; however, that is also not reliable, as attempts to execute the Serv-U binary by non-root users result in the log file being overwritten, thus removing the version string.
Add Serv-U FTP Server exploit (CVE-2019-12181).
Checking for
cmd:[ -u /usr/local/Serv-U/Serv-U ]is not ideal, as the executable is setuid root for both the patched and unpatched versions.Version detection isn't simple either, as the software isn't installed using a package manager. The version could be extracted from
/usr/local/Serv-U/Serv-U-StartupLog.txtif the file exists; however, that is also not reliable, as attempts to execute theServ-Ubinary by non-root users result in the log file being overwritten, thus removing the version string.