ID

VAR-200409-0066


CVE

CVE-2004-1675


TITLE

SolarWinds Serv-U File Server Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200409-022

DESCRIPTION

Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX. Serv-U FTP Server is reported prone to a denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions. The vulnerability is a result of Serv-U FTP Server processing certain 'STOU' commands. All versions of Serv-U prior to 5.2.0.1 are reportedly affected by this vulnerability

Trust: 1.17

sources: NVD: CVE-2004-1675 // BID: 11155

AFFECTED PRODUCTS

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.0.0.4

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.0.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.2.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.2.0.1

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.0.0.4

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.0.0.11

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.0.0.9

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.1.0.3

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.1.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.1.0.0

Trust: 1.0

vendor:serv umodel:serv-uscope:eqversion:5.2.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:4.1.0.3

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.2.0.1

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:4.1.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.0.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.0.0.9

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:4.0.0.4

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.1.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.0.0.4

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.0.0.11

Trust: 0.6

vendor:rhinomodel:software serv-uscope:eqversion:5.2.0.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.1.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.0.0.9

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.0.0.6

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.0.0.4

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.2

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.1.0.11

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.1

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.0.0.4

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:3.1

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:3.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:neversion:5.2.0.1

Trust: 0.3

sources: BID: 11155 // CNNVD: CNNVD-200409-022 // NVD: CVE-2004-1675

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1675
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200409-022
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2004-1675
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200409-022 // NVD: CVE-2004-1675

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2004-1675

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200409-022

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-200409-022

PATCH

title:SolarWinds Serv-U File Server Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125156

Trust: 0.6

sources: CNNVD: CNNVD-200409-022

EXTERNAL IDS

db:BIDid:11155

Trust: 1.9

db:NVDid:CVE-2004-1675

Trust: 1.6

db:SECUNIAid:12507

Trust: 1.6

db:CNNVDid:CNNVD-200409-022

Trust: 0.6

sources: BID: 11155 // CNNVD: CNNVD-200409-022 // NVD: CVE-2004-1675

REFERENCES

url:http://www.securityfocus.com/bid/11155

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/17329

Trust: 1.6

url:http://secunia.com/advisories/12507/

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=109495074211638&w=2

Trust: 1.6

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1675

Trust: 0.6

url:http://www.serv-u.com/

Trust: 0.3

url:/archive/1/374888

Trust: 0.3

sources: BID: 11155 // CNNVD: CNNVD-200409-022 // NVD: CVE-2004-1675

CREDITS

Discovery is credited to Patrick <patrickthomassen@gmail.com>.

Trust: 0.9

sources: BID: 11155 // CNNVD: CNNVD-200409-022

SOURCES

db:BIDid:11155
db:CNNVDid:CNNVD-200409-022
db:NVDid:CVE-2004-1675

LAST UPDATE DATE

2024-08-14T14:35:51.998000+00:00


SOURCES UPDATE DATE

db:BIDid:11155date:2004-09-11T00:00:00
db:CNNVDid:CNNVD-200409-022date:2020-07-29T00:00:00
db:NVDid:CVE-2004-1675date:2020-07-28T14:34:51.580

SOURCES RELEASE DATE

db:BIDid:11155date:2004-09-11T00:00:00
db:CNNVDid:CNNVD-200409-022date:2004-09-11T00:00:00
db:NVDid:CVE-2004-1675date:2004-09-11T04:00:00