Details of VAR-200411-0127

ID

VAR-200411-0127

CVE

CVE-2004-0330

TITLE

SolarWinds of Serv-U File Server Buffer error vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2004-000835

DESCRIPTION

Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command. SolarWinds of Serv-U File Server Exists in a buffer error vulnerability.None. The problem exists due to insufficient bounds checking. Ultimately an attacker may leverage this issue to have arbitrary instructions executed in the context of the SYSTEM user

Trust: 1.89

sources: NVD: CVE-2004-0330 // JVNDB: JVNDB-2004-000835 // BID: 9751

AFFECTED PRODUCTS

vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.0.0.16	Trust: 1.8
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.0	Trust: 1.8
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.3	Trust: 1.8
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.0.0.17	Trust: 1.8
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.1.0.3	Trust: 1.8
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.1	Trust: 1.8
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.0.0.4	Trust: 1.8
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.1.0.0	Trust: 1.8
vendor:	solarwinds	model:	serv-u file server	scope:	lte	version:	5.0.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	lte	version:	5.0.0.0 and earlier	Trust: 0.8
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	-	Trust: 0.8
vendor:	solarwinds	model:	serv-u file server	scope:	-	version:	-	Trust: 0.8
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.1	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.0.0.17	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	4.1.0.3	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.0.0.16	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	4.1.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.3	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	5.0.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	4.0.0.4	Trust: 0.6
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.0.0.4	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.2	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.1.0.11	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.0.0.4	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	ne	version:	5.0.0.9	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	ne	version:	5.0.0.6	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	ne	version:	5.0.0.4	Trust: 0.3

sources: BID: 9751 // JVNDB: JVNDB-2004-000835 // CNNVD: CNNVD-200411-118 // NVD: CVE-2004-0330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0330
value:	HIGH
Trust: 1.0
NVD:	CVE-2004-0330
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200411-118
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2004-0330
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2004-000835 // CNNVD: CNNVD-200411-118 // NVD: CVE-2004-0330

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000835 // NVD: CVE-2004-0330

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200411-118

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200411-118

PATCH

title:

SolarWinds Serv-U File Server Buffer error vulnerability fix

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125157

Trust: 0.6

sources: CNNVD: CNNVD-200411-118

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0330	Trust: 3.5
db:	BID	id:	9751	Trust: 2.7
db:	JVNDB	id:	JVNDB-2004-000835	Trust: 0.8
db:	NSFOCUS	id:	6078	Trust: 0.6
db:	CNNVD	id:	CNNVD-200411-118	Trust: 0.6

sources: BID: 9751 // JVNDB: JVNDB-2004-000835 // CNNVD: CNNVD-200411-118 // NVD: CVE-2004-0330

REFERENCES

url:	http://marc.info/?l=bugtraq&m=107781164214399&w=2	Trust: 2.4
url:	http://www.securityfocus.com/bid/9751	Trust: 2.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15323	Trust: 2.4
url:	http://www.cnhonker.com/advisory/serv-u.mdtm.txt	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0330	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0330	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6078	Trust: 0.6
url:	http://www.serv-u.com/	Trust: 0.3
url:	http://support.coresecurity.com/impact/exploits/c4bfbbd959bb266cfce95908cc920d4a.html	Trust: 0.3
url:	/archive/1/355367	Trust: 0.3
url:	/archive/1/355537	Trust: 0.3

sources: BID: 9751 // JVNDB: JVNDB-2004-000835 // CNNVD: CNNVD-200411-118 // NVD: CVE-2004-0330

CREDITS

bkbll bkbll@cnhonker.net

Trust: 0.6

sources: CNNVD: CNNVD-200411-118

SOURCES

db:	BID	id:	9751
db:	JVNDB	id:	JVNDB-2004-000835
db:	CNNVD	id:	CNNVD-200411-118
db:	NVD	id:	CVE-2004-0330

LAST UPDATE DATE

2024-08-14T14:59:24.952000+00:00

SOURCES UPDATE DATE

db:	BID	id:	9751	date:	2009-07-12T03:06:00
db:	JVNDB	id:	JVNDB-2004-000835	date:	2024-06-03T09:35:00
db:	CNNVD	id:	CNNVD-200411-118	date:	2020-07-29T00:00:00
db:	NVD	id:	CVE-2004-0330	date:	2020-07-28T14:34:30.313

SOURCES RELEASE DATE

db:	BID	id:	9751	date:	2004-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2004-000835	date:	2024-06-03T00:00:00
db:	CNNVD	id:	CNNVD-200411-118	date:	2004-02-26T00:00:00
db:	NVD	id:	CVE-2004-0330	date:	2004-11-23T05:00:00