ID

VAR-200404-0080


CVE

CVE-2004-1992


TITLE

SolarWinds Serv-U File Server Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200404-075

DESCRIPTION

Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. Reportedly Serv-U is affected by a remote buffer overflow vulnerability in the list parameter. This issue is due to a failure of the application to properly validate buffer boundaries during processing of user input. Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application, although this has not been confirmed.

Trust: 1.17

sources: NVD: CVE-2004-1992 // BID: 10181

AFFECTED PRODUCTS

vendor: solarwinds, model: serv-u file server, scope: lte, version: 5.0.0.4

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 4.0.0.4

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 4.1.0.0

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 3.1.0.3

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 4.1.0.3

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 3.1.0.1

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 5.0.0.0

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 3.1.0.0

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 3.0.0.16

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 3.0.0.17

Trust: 1.0

vendor: serv u, model: serv-u, scope: eq, version: 3.1.0.1

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 3.0.0.17

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 4.1.0.3

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 3.0.0.16

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 4.1.0.0

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 3.1.0.3

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 5.0.0.0

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 3.1.0.0

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 4.0.0.4

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 5.0.0.4

Trust: 0.6

vendor: rhino, model: software serv-u, scope: eq, version: 5.0.0.4

Trust: 0.3

vendor: rhino, model: software serv-u, scope: eq, version: 4.2

Trust: 0.3

vendor: rhino, model: software serv-u, scope: eq, version: 4.1.0.11

Trust: 0.3

vendor: rhino, model: software serv-u, scope: eq, version: 4.1

Trust: 0.3

vendor: rhino, model: software serv-u, scope: eq, version: 4.0.0.4

Trust: 0.3

vendor: rhino, model: software serv-u, scope: eq, version: 3.1

Trust: 0.3

vendor: rhino, model: software serv-u, scope: eq, version: 3.0

Trust: 0.3

vendor: rhino, model: software serv-u, scope: ne, version: 5.0.0.6

Trust: 0.3

sources: BID: 10181 // CNNVD: CNNVD-200404-075 // NVD: CVE-2004-1992

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1992
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200404-075
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2004-1992
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200404-075 // NVD: CVE-2004-1992

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

sources: NVD: CVE-2004-1992

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200404-075

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200404-075

PATCH

title: SolarWinds Serv-U File Server Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125155

Trust: 0.6

sources: CNNVD: CNNVD-200404-075

EXTERNAL IDS

db: BID, id: 10181

Trust: 1.9

db: NVD, id: CVE-2004-1992

Trust: 1.6

db: SECTRACK, id: 1009869

Trust: 1.6

db: OSVDB, id: 5546

Trust: 1.6

db: SECUNIA, id: 11430

Trust: 1.6

db: CNNVD, id: CNNVD-200404-075

Trust: 0.6

sources: BID: 10181 // CNNVD: CNNVD-200404-075 // NVD: CVE-2004-1992

REFERENCES

url:http://www.securiteam.com/windowsntfocus/5zp0g2kcka.html

Trust: 1.9

url:http://secunia.com/advisories/11430

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=108360377119290&w=2

Trust: 1.6

url:http://marc.info/?l=ntbugtraq&m=108359620108234&w=2

Trust: 1.6

url:http://www.securityfocus.com/bid/10181

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15913

Trust: 1.6

url:http://securitytracker.com/id?1009869

Trust: 1.6

url:http://www.osvdb.org/5546

Trust: 1.6

url:http://www.serv-u.com/

Trust: 0.3

sources: BID: 10181 // CNNVD: CNNVD-200404-075 // NVD: CVE-2004-1992

CREDITS

storm storm@stormdev.net

Trust: 0.6

sources: CNNVD: CNNVD-200404-075

SOURCES

db: BID, id: 10181
db: CNNVD, id: CNNVD-200404-075
db: NVD, id: CVE-2004-1992

LAST UPDATE DATE

2024-11-23T22:15:35.231000+00:00


SOURCES UPDATE DATE

db: BID, id: 10181, date: 2004-04-20T00:00:00
db: CNNVD, id: CNNVD-200404-075, date: 2020-07-29T00:00:00
db: NVD, id: CVE-2004-1992, date: 2024-11-20T23:52:14.560

SOURCES RELEASE DATE

db: BID, id: 10181, date: 2004-04-20T00:00:00
db: CNNVD, id: CNNVD-200404-075, date: 2004-04-20T00:00:00
db: NVD, id: CVE-2004-1992, date: 2004-04-20T04:00:00