ID

VAR-200412-0928


CVE

CVE-2004-2111


TITLE

SolarWinds Serv-U File Server Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-440

DESCRIPTION

Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename. The immediate consequences of this issue may be a denial of service. An attacker may be able to leverage this condition to execute arbitrary code in the context of the affected service, but this has not been confirmed. RhinoSoft Serv-U FTP Server is reportedly prone to a buffer overflow. The issue exists when a 'site chmod' command is issued on a non-existant file. Execution of arbitrary code may be possible

Trust: 1.44

sources: NVD: CVE-2004-2111 // BID: 9675 // BID: 9483

AFFECTED PRODUCTS

vendor:solarwindsmodel:serv-u file serverscope:lteversion:4.1.0.3

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.1.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.1.0.1

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.0.0.16

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.0.0.4

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.1.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.1.0.3

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.0.0.17

Trust: 1.0

vendor:rhinomodel:software serv-uscope:eqversion:4.1.0.11

Trust: 0.6

vendor:rhinomodel:software serv-uscope:eqversion:4.1

Trust: 0.6

vendor:rhinomodel:software serv-uscope:eqversion:4.0.0.4

Trust: 0.6

vendor:rhinomodel:software serv-uscope:eqversion:3.1

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.1.0.1

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.0.0.17

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:4.1.0.3

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.0.0.16

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:4.1.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.1.0.3

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:3.1.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:4.0.0.4

Trust: 0.6

vendor:rhinomodel:software serv-uscope:eqversion:5.0.0.4

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:3.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:neversion:4.2

Trust: 0.3

sources: BID: 9675 // BID: 9483 // CNNVD: CNNVD-200412-440 // NVD: CVE-2004-2111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2111
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200412-440
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2004-2111
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200412-440 // NVD: CVE-2004-2111

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

sources: NVD: CVE-2004-2111

THREAT TYPE

network

Trust: 0.6

sources: BID: 9675 // BID: 9483

TYPE

Boundary Condition Error

Trust: 0.6

sources: BID: 9675 // BID: 9483

PATCH

title:SolarWinds Serv-U File Server Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125158

Trust: 0.6

sources: CNNVD: CNNVD-200412-440

EXTERNAL IDS

db:NVDid:CVE-2004-2111

Trust: 2.2

db:BIDid:9675

Trust: 1.9

db:BIDid:9483

Trust: 1.9

db:SECTRACKid:1008841

Trust: 1.6

db:CNNVDid:CNNVD-200412-440

Trust: 0.6

sources: BID: 9675 // BID: 9483 // CNNVD: CNNVD-200412-440 // NVD: CVE-2004-2111

REFERENCES

url:http://marc.info/?l=bugtraq&m=107513654005840&w=2

Trust: 1.6

url:http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html

Trust: 1.6

url:http://www.securityfocus.com/bid/9483

Trust: 1.6

url:http://securitytracker.com/id?1008841

Trust: 1.6

url:http://www.securityfocus.com/bid/9675

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/14931

Trust: 1.6

url:http://www.serv-u.com/

Trust: 0.6

url:http://www.securityfocus.com/archive/82/354209/2004-02-14/2004-02-20/0

Trust: 0.3

url:http://support.coresecurity.com/impact/exploits/c52bc27fc64926728837098d76813550.html

Trust: 0.3

url:http://www.0x557.org/release/servu.txt

Trust: 0.3

sources: BID: 9675 // BID: 9483 // CNNVD: CNNVD-200412-440 // NVD: CVE-2004-2111

CREDITS

kkqq kkqq@0x557.org

Trust: 0.6

sources: CNNVD: CNNVD-200412-440

SOURCES

db:BIDid:9675
db:BIDid:9483
db:CNNVDid:CNNVD-200412-440
db:NVDid:CVE-2004-2111

LAST UPDATE DATE

2024-11-23T22:43:45.331000+00:00


SOURCES UPDATE DATE

db:BIDid:9675date:2007-11-15T00:37:00
db:BIDid:9483date:2009-07-12T02:06:00
db:CNNVDid:CNNVD-200412-440date:2020-07-29T00:00:00
db:NVDid:CVE-2004-2111date:2024-11-20T23:52:31.207

SOURCES RELEASE DATE

db:BIDid:9675date:2004-02-16T00:00:00
db:BIDid:9483date:2004-01-24T00:00:00
db:CNNVDid:CNNVD-200412-440date:2004-01-29T00:00:00
db:NVDid:CVE-2004-2111date:2004-12-31T05:00:00