ID

VAR-200808-0118


CVE

CVE-2008-3731


TITLE

Serv-U File Server Denial-of-Service (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2008-006155

DESCRIPTION

Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.

RhinoSoft Serv-U is prone to a remote denial-of-service vulnerability when handling certain SFTP commands. Exploiting this issue can cause the server to crash and deny service to legitimate users. Versions prior to Serv-U 7.2.0.1 are vulnerable.

The vulnerability is caused by an error within the logging functionality when creating directories via SFTP. This can be exploited to crash the service. Successful exploitation requires a valid account with write permissions.

SOLUTION: Update to version 7.2.0.1.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes/

Trust: 1.98

sources: NVD: CVE-2008-3731 // JVNDB: JVNDB-2008-006155 // BID: 30739 // PACKETSTORM: 69220

AFFECTED PRODUCTS

vendor: solarwinds, model: serv-u file server, scope: eq, version: 7.0.0.3

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 7.0.0.4

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 7.1.0.1

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 7.2.0.0

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 7.0.0.1

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 7.1.0.0

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 7.1.0.2

Trust: 1.0

vendor: solarwinds, model: serv-u file server, scope: eq, version: 7.0.0.2

Trust: 1.0

vendor: rhino, model: serv-u ftp server, scope: lt, version: 7.0.0.1 and 7.2.0.1

Trust: 0.8

vendor: serv u, model: serv-u, scope: eq, version: 7.2.0.0

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 7.1.0.0

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 7.0.0.2

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 7.0.0.3

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 7.0.0.4

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 7.0.0.1

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 7.1.0.2

Trust: 0.6

vendor: serv u, model: serv-u, scope: eq, version: 7.1.0.1

Trust: 0.6

vendor: rhino, model: software serv-u, scope: eq, version: 7.2.0.0

Trust: 0.3

vendor: rhino, model: software serv-u, scope: ne, version: 7.2.0.1

Trust: 0.3

sources: BID: 30739 // JVNDB: JVNDB-2008-006155 // CNNVD: CNNVD-200808-269 // NVD: CVE-2008-3731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3731
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-3731
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200808-269
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2008-3731
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2008-006155 // CNNVD: CNNVD-200808-269 // NVD: CVE-2008-3731

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2008-3731

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200808-269

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200808-269

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-006155

PATCH

title: Serv-U FTP Server Release Notes, url: http://www.serv-u.com/releasenotes/

Trust: 0.8

title: SolarWinds Serv-U File Server Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125151

Trust: 0.6

sources: JVNDB: JVNDB-2008-006155 // CNNVD: CNNVD-200808-269

EXTERNAL IDS

db: NVD, id: CVE-2008-3731

Trust: 2.7

db: BID, id: 30739

Trust: 1.9

db: SECUNIA, id: 31461

Trust: 1.7

db: JVNDB, id: JVNDB-2008-006155

Trust: 0.8

db: CNNVD, id: CNNVD-200808-269

Trust: 0.6

db: PACKETSTORM, id: 69220

Trust: 0.1

sources: BID: 30739 // JVNDB: JVNDB-2008-006155 // PACKETSTORM: 69220 // CNNVD: CNNVD-200808-269 // NVD: CVE-2008-3731

REFERENCES

url:http://www.serv-u.com/releasenotes/

Trust: 2.0

url:http://secunia.com/advisories/31461

Trust: 1.6

url:http://www.securityfocus.com/bid/30739

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/44537

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3731

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3731

Trust: 0.8

url:http://www.serv-u.com/

Trust: 0.3

url:http://secunia.com/product/19573/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/secunia_security_specialist/

Trust: 0.1

url:http://secunia.com/advisories/31461/

Trust: 0.1

url:http://corporate.secunia.com/about_secunia/64/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: BID: 30739 // JVNDB: JVNDB-2008-006155 // PACKETSTORM: 69220 // CNNVD: CNNVD-200808-269 // NVD: CVE-2008-3731

CREDITS

RhinoSoft

Trust: 0.9

sources: BID: 30739 // CNNVD: CNNVD-200808-269

SOURCES

db: BID, id: 30739
db: JVNDB, id: JVNDB-2008-006155
db: PACKETSTORM, id: 69220
db: CNNVD, id: CNNVD-200808-269
db: NVD, id: CVE-2008-3731

LAST UPDATE DATE

2024-11-23T23:03:13.008000+00:00


SOURCES UPDATE DATE

db: BID, id: 30739, date: 2015-05-07T17:24:00
db: JVNDB, id: JVNDB-2008-006155, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200808-269, date: 2020-07-29T00:00:00
db: NVD, id: CVE-2008-3731, date: 2024-11-21T00:49:59.230

SOURCES RELEASE DATE

db: BID, id: 30739, date: 2008-07-30T00:00:00
db: JVNDB, id: JVNDB-2008-006155, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 69220, date: 2008-08-20T05:04:04
db: CNNVD, id: CNNVD-200808-269, date: 2008-08-20T00:00:00
db: NVD, id: CVE-2008-3731, date: 2008-08-20T16:41:00