Details of VAR-200404-0080

ID

VAR-200404-0080

CVE

CVE-2004-1992

TITLE

SolarWinds Serv-U File Server Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200404-075

DESCRIPTION

Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. Reportedly Serv-U is affected by a remote buffer overflow vulnerability in the list parameter. This issue is due to a failure of the application to properly validate buffer boundaries during processing of user input. Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application, although this has not been confirmed

Trust: 1.17

sources: NVD: CVE-2004-1992 // BID: 10181

AFFECTED PRODUCTS

vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.3	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	5.0.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.1	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.0.0.17	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	lte	version:	5.0.0.4	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.0.0.4	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.0.0.16	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.1.0.3	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.1.0.0	Trust: 1.0
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.1	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.0.0.17	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	4.1.0.3	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.0.0.16	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	4.1.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.3	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	5.0.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	4.0.0.4	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	5.0.0.4	Trust: 0.6
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.0.0.4	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.2	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.1.0.11	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.0.0.4	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	ne	version:	5.0.0.6	Trust: 0.3

sources: BID: 10181 // CNNVD: CNNVD-200404-075 // NVD: CVE-2004-1992

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1992
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200404-075
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2004-1992
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200404-075 // NVD: CVE-2004-1992

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.0

sources: NVD: CVE-2004-1992

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200404-075

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200404-075

PATCH

title:

SolarWinds Serv-U File Server Buffer error vulnerability fix

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125155

Trust: 0.6

sources: CNNVD: CNNVD-200404-075

EXTERNAL IDS

db:	BID	id:	10181	Trust: 1.9
db:	NVD	id:	CVE-2004-1992	Trust: 1.6
db:	SECTRACK	id:	1009869	Trust: 1.6
db:	OSVDB	id:	5546	Trust: 1.6
db:	SECUNIA	id:	11430	Trust: 1.6
db:	CNNVD	id:	CNNVD-200404-075	Trust: 0.6

sources: BID: 10181 // CNNVD: CNNVD-200404-075 // NVD: CVE-2004-1992

REFERENCES

url:	http://www.securiteam.com/windowsntfocus/5zp0g2kcka.html	Trust: 1.9
url:	http://secunia.com/advisories/11430	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=108360377119290&w=2	Trust: 1.6
url:	http://marc.info/?l=ntbugtraq&m=108359620108234&w=2	Trust: 1.6
url:	http://www.securityfocus.com/bid/10181	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15913	Trust: 1.6
url:	http://securitytracker.com/id?1009869	Trust: 1.6
url:	http://www.osvdb.org/5546	Trust: 1.6
url:	http://www.serv-u.com/	Trust: 0.3

sources: BID: 10181 // CNNVD: CNNVD-200404-075 // NVD: CVE-2004-1992

CREDITS

storm storm@stormdev.net

Trust: 0.6

sources: CNNVD: CNNVD-200404-075

SOURCES

db:	BID	id:	10181
db:	CNNVD	id:	CNNVD-200404-075
db:	NVD	id:	CVE-2004-1992

LAST UPDATE DATE

2024-08-14T14:00:46.199000+00:00

SOURCES UPDATE DATE

db:	BID	id:	10181	date:	2004-04-20T00:00:00
db:	CNNVD	id:	CNNVD-200404-075	date:	2020-07-29T00:00:00
db:	NVD	id:	CVE-2004-1992	date:	2020-07-28T14:34:35.157

SOURCES RELEASE DATE

db:	BID	id:	10181	date:	2004-04-20T00:00:00
db:	CNNVD	id:	CNNVD-200404-075	date:	2004-04-20T00:00:00
db:	NVD	id:	CVE-2004-1992	date:	2004-04-20T04:00:00