ID

VAR-200511-0474


CVE

CVE-2005-3467


TITLE

RhinoSoft Serv-U FTP Server Unknown denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200511-049

DESCRIPTION

Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities. Serv-U FTP server is prone to an unspecified denial of service vulnerability. This issue is most likely due to a failure in the application to handle exceptional conditions. Specific details regarding this issue are not currently available, this BID will be updated as more information becomes available. An attacker can exploit this vulnerability to cause the server to crash, effectively denying service to legitimate users. TITLE: Serv-U FTP Server Potential Denial of Service Vulnerability SECUNIA ADVISORY ID: SA17409 VERIFY ADVISORY: http://secunia.com/advisories/17409/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote SOFTWARE: Serv-U FTP Server 6.x http://secunia.com/product/5878/ DESCRIPTION: A vulnerability has been reported in Serv-U, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). NOTE: The ZLib and OpenSSL libraries have also been changed to version v1.2.3 and v0.9.8a respectively. SOLUTION: Update to version 6.1.0.4. http://www.serv-u.com/dn.asp PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes.asp OTHER REFERENCES: SA17151: http://secunia.com/advisories/17151/ SA16137: http://secunia.com/advisories/16137/ SA15949: http://secunia.com/advisories/15949/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.26

sources: NVD: CVE-2005-3467 // BID: 15273 // PACKETSTORM: 41190

AFFECTED PRODUCTS

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.0.0.4

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.2.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:6.1.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.1.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.1.0.3

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:6.0.0.1

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.0.0.9

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.0.0.16

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:6.0.0.2

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.2.0.1

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.0.0.4

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:4.1.0.3

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.0.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.1.0.1

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.0.0.11

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.1.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:6.0.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:5.1.0.0

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:lteversion:6.1.0.1

Trust: 1.0

vendor:solarwindsmodel:serv-u file serverscope:eqversion:3.0.0.17

Trust: 1.0

vendor:serv umodel:serv-uscope:eqversion:6.0.0.2

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.2.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:6.1.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.2.0.1

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:6.0.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.0.0.9

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:6.0.0.1

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.1.0.0

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:5.0.0.11

Trust: 0.6

vendor:serv umodel:serv-uscope:eqversion:6.1.0.1

Trust: 0.6

vendor:rhinomodel:software serv-uscope:eqversion:6.1.0.1

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:6.1.0.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:6.0.0.2

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:6.0.0.1

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:6.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.2.0.1

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.2.0.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.1.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.0.0.9

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.0.0.6

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:5.0.0.4

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.2

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.1.0.11

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.1

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:4.0.0.4

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:3.1

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:3.0

Trust: 0.3

vendor:rhinomodel:software serv-uscope:eqversion:2.5

Trust: 0.3

vendor:rhinomodel:software serv-uscope:neversion:6.1.0.4

Trust: 0.3

sources: BID: 15273 // CNNVD: CNNVD-200511-049 // NVD: CVE-2005-3467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-3467
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200511-049
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2005-3467
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200511-049 // NVD: CVE-2005-3467

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2005-3467

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200511-049

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-200511-049

PATCH

title:RhinoSoft Serv-U FTP Server Unrecognized denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125153

Trust: 0.6

sources: CNNVD: CNNVD-200511-049

EXTERNAL IDS

db:BIDid:15273

Trust: 1.9

db:SECUNIAid:17409

Trust: 1.7

db:NVDid:CVE-2005-3467

Trust: 1.6

db:SECTRACKid:1015151

Trust: 1.6

db:VUPENid:ADV-2005-2267

Trust: 1.6

db:CNNVDid:CNNVD-200511-049

Trust: 0.6

db:PACKETSTORMid:41190

Trust: 0.1

sources: BID: 15273 // PACKETSTORM: 41190 // CNNVD: CNNVD-200511-049 // NVD: CVE-2005-3467

REFERENCES

url:http://www.serv-u.com/releasenotes.asp

Trust: 2.0

url:http://www.vupen.com/english/advisories/2005/2267

Trust: 1.6

url:http://www.securityfocus.com/bid/15273

Trust: 1.6

url:http://secunia.com/advisories/17409

Trust: 1.6

url:http://securitytracker.com/id?1015151

Trust: 1.6

url:http://www.serv-u.com/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/16137/

Trust: 0.1

url:http://secunia.com/advisories/15949/

Trust: 0.1

url:http://www.serv-u.com/dn.asp

Trust: 0.1

url:http://secunia.com/advisories/17409/

Trust: 0.1

url:http://secunia.com/product/5878/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/17151/

Trust: 0.1

sources: BID: 15273 // PACKETSTORM: 41190 // CNNVD: CNNVD-200511-049 // NVD: CVE-2005-3467

CREDITS

RhinoSoft

Trust: 0.6

sources: CNNVD: CNNVD-200511-049

SOURCES

db:BIDid:15273
db:PACKETSTORMid:41190
db:CNNVDid:CNNVD-200511-049
db:NVDid:CVE-2005-3467

LAST UPDATE DATE

2024-11-23T20:00:54.008000+00:00


SOURCES UPDATE DATE

db:BIDid:15273date:2005-11-02T00:00:00
db:CNNVDid:CNNVD-200511-049date:2020-07-29T00:00:00
db:NVDid:CVE-2005-3467date:2024-11-21T00:01:58.023

SOURCES RELEASE DATE

db:BIDid:15273date:2005-11-02T00:00:00
db:PACKETSTORMid:41190date:2005-11-03T01:02:14
db:CNNVDid:CNNVD-200511-049date:2005-11-02T00:00:00
db:NVDid:CVE-2005-3467date:2005-11-02T23:02:00