Details of VAR-200412-0928

ID

VAR-200412-0928

CVE

CVE-2004-2111

TITLE

SolarWinds Serv-U File Server Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-440

DESCRIPTION

Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename. The immediate consequences of this issue may be a denial of service. An attacker may be able to leverage this condition to execute arbitrary code in the context of the affected service, but this has not been confirmed. RhinoSoft Serv-U FTP Server is reportedly prone to a buffer overflow. The issue exists when a 'site chmod' command is issued on a non-existant file. Execution of arbitrary code may be possible

Trust: 1.44

sources: NVD: CVE-2004-2111 // BID: 9675 // BID: 9483

AFFECTED PRODUCTS

vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.3	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.0.0.4	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.1	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.0.0.16	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.0.0.17	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	lte	version:	4.1.0.3	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.1.0.0	Trust: 1.0
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.1.0.11	Trust: 0.6
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.1	Trust: 0.6
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.0.0.4	Trust: 0.6
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.1	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.1	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.0.0.17	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	4.1.0.3	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.0.0.16	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	4.1.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.3	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	3.1.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	4.0.0.4	Trust: 0.6
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.0.0.4	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	ne	version:	4.2	Trust: 0.3

sources: BID: 9675 // BID: 9483 // CNNVD: CNNVD-200412-440 // NVD: CVE-2004-2111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2111
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200412-440
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2004-2111
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200412-440 // NVD: CVE-2004-2111

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.0

sources: NVD: CVE-2004-2111

THREAT TYPE

network

Trust: 0.6

sources: BID: 9675 // BID: 9483

TYPE

Boundary Condition Error

Trust: 0.6

sources: BID: 9675 // BID: 9483

PATCH

title:

SolarWinds Serv-U File Server Buffer error vulnerability fix

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125158

Trust: 0.6

sources: CNNVD: CNNVD-200412-440

EXTERNAL IDS

db:	NVD	id:	CVE-2004-2111	Trust: 2.2
db:	BID	id:	9675	Trust: 1.9
db:	BID	id:	9483	Trust: 1.9
db:	SECTRACK	id:	1008841	Trust: 1.6
db:	CNNVD	id:	CNNVD-200412-440	Trust: 0.6

sources: BID: 9675 // BID: 9483 // CNNVD: CNNVD-200412-440 // NVD: CVE-2004-2111

REFERENCES

url:	http://marc.info/?l=bugtraq&m=107513654005840&w=2	Trust: 1.6
url:	http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html	Trust: 1.6
url:	http://www.securityfocus.com/bid/9483	Trust: 1.6
url:	http://securitytracker.com/id?1008841	Trust: 1.6
url:	http://www.securityfocus.com/bid/9675	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/14931	Trust: 1.6
url:	http://www.serv-u.com/	Trust: 0.6
url:	http://www.securityfocus.com/archive/82/354209/2004-02-14/2004-02-20/0	Trust: 0.3
url:	http://support.coresecurity.com/impact/exploits/c52bc27fc64926728837098d76813550.html	Trust: 0.3
url:	http://www.0x557.org/release/servu.txt	Trust: 0.3

sources: BID: 9675 // BID: 9483 // CNNVD: CNNVD-200412-440 // NVD: CVE-2004-2111

CREDITS

kkqq kkqq@0x557.org

Trust: 0.6

sources: CNNVD: CNNVD-200412-440

SOURCES

db:	BID	id:	9675
db:	BID	id:	9483
db:	CNNVD	id:	CNNVD-200412-440
db:	NVD	id:	CVE-2004-2111

LAST UPDATE DATE

2024-08-14T15:04:46.384000+00:00

SOURCES UPDATE DATE

db:	BID	id:	9675	date:	2007-11-15T00:37:00
db:	BID	id:	9483	date:	2009-07-12T02:06:00
db:	CNNVD	id:	CNNVD-200412-440	date:	2020-07-29T00:00:00
db:	NVD	id:	CVE-2004-2111	date:	2020-07-28T14:34:21.937

SOURCES RELEASE DATE

db:	BID	id:	9675	date:	2004-02-16T00:00:00
db:	BID	id:	9483	date:	2004-01-24T00:00:00
db:	CNNVD	id:	CNNVD-200412-440	date:	2004-01-29T00:00:00
db:	NVD	id:	CVE-2004-2111	date:	2004-12-31T05:00:00