ID

VAR-200903-0362


CVE

CVE-2009-0967


TITLE

Serv-U FTP server denial-of-service (DoS) vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-005892

DESCRIPTION

The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument. RhinoSoft Serv-U is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue will allow attackers to deny service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Serv-U 7.4.0.1 is vulnerable; other versions may also be affected.

Trust: 1.89

sources: NVD: CVE-2009-0967 // JVNDB: JVNDB-2009-005892 // BID: 34127

AFFECTED PRODUCTS

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.3.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.2.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.1.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.1.0.2

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.0.0.3

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.0.0.4

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.1.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.0.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.0.0.2

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.4.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.4.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.3.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.2.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.3.0.2

Trust: 1.0

vendor: rhino | model: serv-u ftp server | scope: eq | version: 7.0.0.1 to 7.4.0.1

Trust: 0.8

vendor: serv u | model: serv-u | scope: eq | version: 7.4.0.1

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 7.4.0.0

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 7.2.0.0

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 7.2.0.1

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 7.0.0.2

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 7.0.0.3

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 7.3.0.0

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 7.3.0.1

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 7.3.0.2

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 7.0.0.1

Trust: 0.6

vendor: rhino | model: software serv-u | scope: eq | version: 7.4.0.1

Trust: 0.3

sources: BID: 34127 // JVNDB: JVNDB-2009-005892 // CNNVD: CNNVD-200903-324 // NVD: CVE-2009-0967

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0967
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-0967
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200903-324
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2009-0967
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2009-005892 // CNNVD: CNNVD-200903-324 // NVD: CVE-2009-0967

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.8

sources: JVNDB: JVNDB-2009-005892 // NVD: CVE-2009-0967

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200903-324

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200903-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-005892

PATCH

title: Top Page | url: http://www.serv-u.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-005892

EXTERNAL IDS

db: NVD | id: CVE-2009-0967

Trust: 2.4

db: BID | id: 34127

Trust: 1.9

db: EXPLOIT-DB | id: 8212

Trust: 1.6

db: JVNDB | id: JVNDB-2009-005892

Trust: 0.8

db: CNNVD | id: CNNVD-200903-324

Trust: 0.6

sources: BID: 34127 // JVNDB: JVNDB-2009-005892 // CNNVD: CNNVD-200903-324 // NVD: CVE-2009-0967

REFERENCES

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/49260

Trust: 1.6

url:http://www.securityfocus.com/bid/34127

Trust: 1.6

url:https://www.exploit-db.com/exploits/8212

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0967

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0967

Trust: 0.8

url:http://www.serv-u.com/

Trust: 0.3

sources: BID: 34127 // JVNDB: JVNDB-2009-005892 // CNNVD: CNNVD-200903-324 // NVD: CVE-2009-0967

CREDITS

Jonathan Salwan submit@shell-storm.org

Trust: 0.6

sources: CNNVD: CNNVD-200903-324

SOURCES

db: BID | id: 34127
db: JVNDB | id: JVNDB-2009-005892
db: CNNVD | id: CNNVD-200903-324
db: NVD | id: CVE-2009-0967

LAST UPDATE DATE

2024-11-23T23:13:07.853000+00:00


SOURCES UPDATE DATE

db: BID | id: 34127 | date: 2009-11-20T17:05:00
db: JVNDB | id: JVNDB-2009-005892 | date: 2012-12-20T00:00:00
db: CNNVD | id: CNNVD-200903-324 | date: 2020-07-29T00:00:00
db: NVD | id: CVE-2009-0967 | date: 2024-11-21T01:01:21.797

SOURCES RELEASE DATE

db: BID | id: 34127 | date: 2009-03-16T00:00:00
db: JVNDB | id: JVNDB-2009-005892 | date: 2012-12-20T00:00:00
db: CNNVD | id: CNNVD-200903-324 | date: 2009-03-19T00:00:00
db: NVD | id: CVE-2009-0967 | date: 2009-03-19T10:30:00.530