ID

VAR-200411-0127


CVE

CVE-2004-0330


TITLE

SolarWinds  of  Serv-U File Server  Buffer error vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000835

DESCRIPTION

Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command. SolarWinds of Serv-U File Server Exists in a buffer error vulnerability.None. The problem exists due to insufficient bounds checking. Ultimately an attacker may leverage this issue to have arbitrary instructions executed in the context of the SYSTEM user

Trust: 1.89

sources: NVD: CVE-2004-0330 // JVNDB: JVNDB-2004-000835 // BID: 9751

AFFECTED PRODUCTS

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.0.0.16

Trust: 1.8

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.1.0.0

Trust: 1.8

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.1.0.3

Trust: 1.8

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.0.0.17

Trust: 1.8

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.1.0.3

Trust: 1.8

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.1.0.1

Trust: 1.8

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.0.0.4

Trust: 1.8

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.1.0.0

Trust: 1.8

vendor:solarwindsmodel:serv-u file serverscope:lteversion:5.0.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:lteversion:5.0.0.0 and earlier

Trust: 0.8

vendor:solarwindsmodel:serv-u file serverscope:eqversion: -

Trust: 0.8

vendor:solarwindsmodel:serv-u file serverscope: - version: -

Trust: 0.8

vendor:serv umodel:serv-uscope:eqversion:3.1.0.1

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.0.0.17

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:4.1.0.3

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.0.0.16

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:4.1.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.1.0.3

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.0.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.1.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:4.0.0.4

Trust: 0.6

vendor:rhinomodel:software serv-uscope:eqversion:5.0.0.4

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.2

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.1.0.11

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.1

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.0.0.4

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:3.1

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:3.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:neversion:5.0.0.9

Trust: 0.3

vendor:rhinomodel:software serv-uscope:neversion:5.0.0.6

Trust: 0.3

vendor:rhinomodel:software serv-uscope:neversion:5.0.0.4

Trust: 0.3

sources: BID: 9751 // JVNDB: JVNDB-2004-000835 // CNNVD: CNNVD-200411-118 // NVD: CVE-2004-0330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0330
value: HIGH

Trust: 1.0

NVD: CVE-2004-0330
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200411-118
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2004-0330
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2004-000835 // CNNVD: CNNVD-200411-118 // NVD: CVE-2004-0330

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2004-000835 // NVD: CVE-2004-0330

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200411-118

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200411-118

PATCH

title:SolarWinds Serv-U File Server Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125157

Trust: 0.6

sources: CNNVD: CNNVD-200411-118

EXTERNAL IDS

db:NVDid:CVE-2004-0330

Trust: 3.5

db:BIDid:9751

Trust: 2.7

db:JVNDBid:JVNDB-2004-000835

Trust: 0.8

db:NSFOCUSid:6078

Trust: 0.6

db:CNNVDid:CNNVD-200411-118

Trust: 0.6

sources: BID: 9751 // JVNDB: JVNDB-2004-000835 // CNNVD: CNNVD-200411-118 // NVD: CVE-2004-0330

REFERENCES

url:http://marc.info/?l=bugtraq&m=107781164214399&w=2

Trust: 2.4

url:http://www.securityfocus.com/bid/9751

Trust: 2.4

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15323

Trust: 2.4

url:http://www.cnhonker.com/advisory/serv-u.mdtm.txt

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2004-0330

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0330

Trust: 0.6

url:http://www.nsfocus.net/vulndb/6078

Trust: 0.6

url:http://www.serv-u.com/

Trust: 0.3

url:http://support.coresecurity.com/impact/exploits/c4bfbbd959bb266cfce95908cc920d4a.html

Trust: 0.3

url:/archive/1/355367

Trust: 0.3

url:/archive/1/355537

Trust: 0.3

sources: BID: 9751 // JVNDB: JVNDB-2004-000835 // CNNVD: CNNVD-200411-118 // NVD: CVE-2004-0330

CREDITS

bkbll bkbll@cnhonker.net

Trust: 0.6

sources: CNNVD: CNNVD-200411-118

SOURCES

db:BIDid:9751
db:JVNDBid:JVNDB-2004-000835
db:CNNVDid:CNNVD-200411-118
db:NVDid:CVE-2004-0330

LAST UPDATE DATE

2024-08-14T14:59:24.952000+00:00


SOURCES UPDATE DATE

db:BIDid:9751date:2009-07-12T03:06:00
db:JVNDBid:JVNDB-2004-000835date:2024-06-03T09:35:00
db:CNNVDid:CNNVD-200411-118date:2020-07-29T00:00:00
db:NVDid:CVE-2004-0330date:2020-07-28T14:34:30.313

SOURCES RELEASE DATE

db:BIDid:9751date:2004-02-26T00:00:00
db:JVNDBid:JVNDB-2004-000835date:2024-06-03T00:00:00
db:CNNVDid:CNNVD-200411-118date:2004-02-26T00:00:00
db:NVDid:CVE-2004-0330date:2004-11-23T05:00:00