Details of VAR-200412-0836

ID

VAR-200412-0836

CVE

CVE-2004-2532

TITLE

SolarWinds Serv-U File Server Trust Management Issue Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-693

DESCRIPTION

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command. The weak account can be used to log into the site maintenance interface on the loopback interface only, and to create user accounts

Trust: 1.17

sources: NVD: CVE-2004-2532 // BID: 10886

AFFECTED PRODUCTS

vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.3	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	5.0.0.4	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	5.0.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.1	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.0.0.17	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	lte	version:	5.0.0.11	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.0.0.4	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	5.0.0.9	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.0.0.16	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.1.0.3	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.1.0.0	Trust: 1.0
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.1	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.0.0.17	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	4.1.0.3	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.0.0.16	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.3	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	5.0.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	4.0.0.4	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	5.0.0.4	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	5.0.0.11	Trust: 0.6
vendor:	rhino	model:	software serv-u	scope:	eq	version:	6.0.0.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	6.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.2.0.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.1.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.0.0.9	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.0.0.6	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.0.0.4	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.2	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.1.0.11	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.0.0.4	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 10886 // CNNVD: CNNVD-200412-693 // NVD: CVE-2004-2532

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2532
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200412-693
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2004-2532
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200412-693 // NVD: CVE-2004-2532

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.0

sources: NVD: CVE-2004-2532

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-693

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-200412-693

PATCH

title:

SolarWinds Serv-U File Server Repair measures for trust management problem vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125159

Trust: 0.6

sources: CNNVD: CNNVD-200412-693

EXTERNAL IDS

db:	BID	id:	10886	Trust: 1.9
db:	OSVDB	id:	8877	Trust: 1.6
db:	NVD	id:	CVE-2004-2532	Trust: 1.6
db:	CNNVD	id:	CNNVD-200412-693	Trust: 0.6

sources: BID: 10886 // CNNVD: CNNVD-200412-693 // NVD: CVE-2004-2532

REFERENCES

url:	http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html	Trust: 1.6
url:	http://www.securityfocus.com/bid/10886	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16925	Trust: 1.6
url:	http://www.osvdb.org/8877	Trust: 1.6
url:	http://www.serv-u.com/	Trust: 0.3
url:	http://support.coresecurity.com/impact/exploits/16d127c3a0ee7d8db396b1aa40eeef5e.html	Trust: 0.3

sources: BID: 10886 // CNNVD: CNNVD-200412-693 // NVD: CVE-2004-2532

CREDITS

Discovery is credited to aT4r ins4n3 <at4r@ciberdreams.com>.

Trust: 0.9

sources: BID: 10886 // CNNVD: CNNVD-200412-693

SOURCES

db:	BID	id:	10886
db:	CNNVD	id:	CNNVD-200412-693
db:	NVD	id:	CVE-2004-2532

LAST UPDATE DATE

2024-08-14T13:51:13.580000+00:00

SOURCES UPDATE DATE

db:	BID	id:	10886	date:	2004-08-08T00:00:00
db:	CNNVD	id:	CNNVD-200412-693	date:	2020-07-29T00:00:00
db:	NVD	id:	CVE-2004-2532	date:	2020-07-28T14:34:40.203

SOURCES RELEASE DATE

db:	BID	id:	10886	date:	2004-08-08T00:00:00
db:	CNNVD	id:	CNNVD-200412-693	date:	2004-12-31T00:00:00
db:	NVD	id:	CVE-2004-2532	date:	2004-12-31T05:00:00