Details of VAR-200511-0474

ID

VAR-200511-0474

CVE

CVE-2005-3467

TITLE

RhinoSoft Serv-U FTP Server Unknown denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200511-049

DESCRIPTION

Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities. Serv-U FTP server is prone to an unspecified denial of service vulnerability. This issue is most likely due to a failure in the application to handle exceptional conditions. Specific details regarding this issue are not currently available, this BID will be updated as more information becomes available. An attacker can exploit this vulnerability to cause the server to crash, effectively denying service to legitimate users. TITLE: Serv-U FTP Server Potential Denial of Service Vulnerability SECUNIA ADVISORY ID: SA17409 VERIFY ADVISORY: http://secunia.com/advisories/17409/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote SOFTWARE: Serv-U FTP Server 6.x http://secunia.com/product/5878/ DESCRIPTION: A vulnerability has been reported in Serv-U, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). NOTE: The ZLib and OpenSSL libraries have also been changed to version v1.2.3 and v0.9.8a respectively. SOLUTION: Update to version 6.1.0.4. http://www.serv-u.com/dn.asp PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes.asp OTHER REFERENCES: SA17151: http://secunia.com/advisories/17151/ SA16137: http://secunia.com/advisories/16137/ SA15949: http://secunia.com/advisories/15949/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.26

sources: NVD: CVE-2005-3467 // BID: 15273 // PACKETSTORM: 41190

AFFECTED PRODUCTS

vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	5.0.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.1	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.0.0.17	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	5.2.0.1	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	6.1.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.0.0.16	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.1.0.3	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	6.0.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.1.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	3.1.0.3	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	5.0.0.4	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	6.0.0.1	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	6.0.0.2	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	5.2.0.0	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	lte	version:	6.1.0.1	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	4.0.0.4	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	5.0.0.11	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	5.0.0.9	Trust: 1.0
vendor:	solarwinds	model:	serv-u file server	scope:	eq	version:	5.1.0.0	Trust: 1.0
vendor:	serv u	model:	serv-u	scope:	eq	version:	6.0.0.2	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	5.2.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	6.1.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	5.2.0.1	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	6.0.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	5.0.0.9	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	6.0.0.1	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	5.1.0.0	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	5.0.0.11	Trust: 0.6
vendor:	serv u	model:	serv-u	scope:	eq	version:	6.1.0.1	Trust: 0.6
vendor:	rhino	model:	software serv-u	scope:	eq	version:	6.1.0.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	6.1.0.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	6.0.0.2	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	6.0.0.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	6.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.2.0.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.2.0.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.1.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.0.0.9	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.0.0.6	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	5.0.0.4	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.2	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.1.0.11	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	4.0.0.4	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.1	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	3.0	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	eq	version:	2.5	Trust: 0.3
vendor:	rhino	model:	software serv-u	scope:	ne	version:	6.1.0.4	Trust: 0.3

sources: BID: 15273 // CNNVD: CNNVD-200511-049 // NVD: CVE-2005-3467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-3467
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200511-049
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2005-3467
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200511-049 // NVD: CVE-2005-3467

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.0

sources: NVD: CVE-2005-3467

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200511-049

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-200511-049

PATCH

title:

RhinoSoft Serv-U FTP Server Unrecognized denial of service vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125153

Trust: 0.6

sources: CNNVD: CNNVD-200511-049

EXTERNAL IDS

db:	BID	id:	15273	Trust: 1.9
db:	SECUNIA	id:	17409	Trust: 1.7
db:	NVD	id:	CVE-2005-3467	Trust: 1.6
db:	SECTRACK	id:	1015151	Trust: 1.6
db:	VUPEN	id:	ADV-2005-2267	Trust: 1.6
db:	CNNVD	id:	CNNVD-200511-049	Trust: 0.6
db:	PACKETSTORM	id:	41190	Trust: 0.1

sources: BID: 15273 // PACKETSTORM: 41190 // CNNVD: CNNVD-200511-049 // NVD: CVE-2005-3467

REFERENCES

url:	http://www.serv-u.com/releasenotes.asp	Trust: 2.0
url:	http://www.vupen.com/english/advisories/2005/2267	Trust: 1.6
url:	http://www.securityfocus.com/bid/15273	Trust: 1.6
url:	http://secunia.com/advisories/17409	Trust: 1.6
url:	http://securitytracker.com/id?1015151	Trust: 1.6
url:	http://www.serv-u.com/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/16137/	Trust: 0.1
url:	http://secunia.com/advisories/15949/	Trust: 0.1
url:	http://www.serv-u.com/dn.asp	Trust: 0.1
url:	http://secunia.com/advisories/17409/	Trust: 0.1
url:	http://secunia.com/product/5878/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/17151/	Trust: 0.1

sources: BID: 15273 // PACKETSTORM: 41190 // CNNVD: CNNVD-200511-049 // NVD: CVE-2005-3467

CREDITS

RhinoSoft

Trust: 0.6

sources: CNNVD: CNNVD-200511-049

SOURCES

db:	BID	id:	15273
db:	PACKETSTORM	id:	41190
db:	CNNVD	id:	CNNVD-200511-049
db:	NVD	id:	CVE-2005-3467

LAST UPDATE DATE

2024-08-14T12:09:59.306000+00:00

SOURCES UPDATE DATE

db:	BID	id:	15273	date:	2005-11-02T00:00:00
db:	CNNVD	id:	CNNVD-200511-049	date:	2020-07-29T00:00:00
db:	NVD	id:	CVE-2005-3467	date:	2020-07-28T14:35:06.513

SOURCES RELEASE DATE

db:	BID	id:	15273	date:	2005-11-02T00:00:00
db:	PACKETSTORM	id:	41190	date:	2005-11-03T01:02:14
db:	CNNVD	id:	CNNVD-200511-049	date:	2005-11-02T00:00:00
db:	NVD	id:	CVE-2005-3467	date:	2005-11-02T23:02:00