Details of VAR-200212-0717

ID

VAR-200212-0717

CVE

CVE-2002-2393

TITLE

SolarWinds Serv-U File Server Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-716

DESCRIPTION

Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands. A denial of service vulnerability has been reported for Serv-U FTP server. The vulnerability is a result of Serv-U FTP Server processing certain commands. When the Serv-U server receives a MKD command it attempts to verify whether the user that issued the command has sufficient rights. When performing this verification, it will not accept any more connections. An attacker that issues many such commands will prevent the server from accepting connections for an indefinite period of time thus creating the denial of service condition

Trust: 1.17

sources: NVD: CVE-2002-2393 // BID: 6112

AFFECTED PRODUCTS

vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.0.0.4	Trust: 1.0
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	4.0.0.4	Trust: 0.6
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.0.0.4	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	ne	version:	4.1	Trust: 0.3

sources: BID: 6112 // CNNVD: CNNVD-200212-716 // NVD: CVE-2002-2393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2393
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200212-716
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2002-2393
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200212-716 // NVD: CVE-2002-2393

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.0

sources: NVD: CVE-2002-2393

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-716

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-200212-716

PATCH

title:

SolarWinds Serv-U File Server Enter the fix for the verification error vulnerability

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125160

Trust: 0.6

sources: CNNVD: CNNVD-200212-716

EXTERNAL IDS

db:	BID	id:	6112	Trust: 1.9
db:	NVD	id:	CVE-2002-2393	Trust: 1.6
db:	CNNVD	id:	CNNVD-200212-716	Trust: 0.6

sources: BID: 6112 // CNNVD: CNNVD-200212-716 // NVD: CVE-2002-2393

REFERENCES

url:	http://archives.neohapsis.com/archives/bugtraq/2002-11/0109.html	Trust: 1.6
url:	http://www.securityfocus.com/bid/6112	Trust: 1.6
url:	http://www.iss.net/security_center/static/10573.php	Trust: 1.6
url:	http://www.serv-u.com/	Trust: 0.3
url:	/archive/1/299087	Trust: 0.3

sources: BID: 6112 // CNNVD: CNNVD-200212-716 // NVD: CVE-2002-2393

CREDITS

Discovery of this vulnerability credited to Matt Thompson and Paul Smurthwaite.

Trust: 0.9

sources: BID: 6112 // CNNVD: CNNVD-200212-716

SOURCES

db:	BID	id:	6112
db:	CNNVD	id:	CNNVD-200212-716
db:	NVD	id:	CVE-2002-2393

LAST UPDATE DATE

2024-08-14T14:29:34.768000+00:00

SOURCES UPDATE DATE

db:	BID	id:	6112	date:	2002-11-06T00:00:00
db:	CNNVD	id:	CNNVD-200212-716	date:	2020-07-29T00:00:00
db:	NVD	id:	CVE-2002-2393	date:	2020-07-28T14:34:16.423

SOURCES RELEASE DATE

db:	BID	id:	6112	date:	2002-11-06T00:00:00
db:	CNNVD	id:	CNNVD-200212-716	date:	2002-12-31T00:00:00
db:	NVD	id:	CVE-2002-2393	date:	2002-12-31T05:00:00