ID

VAR-200910-0169


CVE

CVE-2009-3655


TITLE

Rhino Software Serv-U Denial-of-Service (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-006418

DESCRIPTION

Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command. Serv-U is prone to a denial-of-service vulnerability. An unspecified error in the Boost module can be exploited to create new directories in the webroot directory of the web server.

TITLE: Serv-U "SITE SET TRANSFERPROGRESS ON" Denial of Service

SECUNIA ADVISORY ID: SA36873

VERIFY ADVISORY: http://secunia.com/advisories/36873/

DESCRIPTION: A vulnerability has been reported in Serv-U, which can be exploited by malicious users to cause a DoS (Denial of Service). Successful exploitation requires valid user credentials and that "SITE SET" commands are enabled. The vulnerability is reported in Serv-U versions 7.0.0.1 through 8.2.0.3.

SOLUTION: Fixed in version 9.0.0.1. Disable the "SITE SET" command.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes/

Trust: 2.07

sources: NVD: CVE-2009-3655 // JVNDB: JVNDB-2009-006418 // BID: 79286 // PACKETSTORM: 81751 // PACKETSTORM: 81782

AFFECTED PRODUCTS

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.0.0.5

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.1.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.0.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.2.0.3

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.0.0.3

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.0.0.4

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.1.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.0.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.0.0.2

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.4.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.1.0.3

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.0.0.4

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.4.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.2.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.3.0.2

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.3.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.2.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.2.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.2.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.0.0.2

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.1.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.1.0.2

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.0.0.7

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.3.0.1

Trust: 1.0

vendor: rhino | model: serv-u ftp server | scope: eq | version: 7.0.0.1 to 8.2.0.3

Trust: 0.8

vendor: serv u | model: serv-u | scope: eq | version: 8.1.0.3

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.0.0.2

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.0.0.7

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.2.0.1

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.0.0.5

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.1.0.1

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.0.0.4

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.2.0.3

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.2.0.0

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.0.0.1

Trust: 0.6

sources: JVNDB: JVNDB-2009-006418 // CNNVD: CNNVD-200910-177 // NVD: CVE-2009-3655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3655
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-3655
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200910-177
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2009-3655
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2009-006418 // CNNVD: CNNVD-200910-177 // NVD: CVE-2009-3655

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2009-3655

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200910-177

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200910-177

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-006418

PATCH

title: Serv-U FTP Server Release Notes | url: http://www.serv-u.com/releasenotes/

Trust: 0.8

title: SolarWinds Serv-U File Server Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125149

Trust: 0.6

sources: JVNDB: JVNDB-2009-006418 // CNNVD: CNNVD-200910-177

EXTERNAL IDS

db: NVD | id: CVE-2009-3655

Trust: 2.7

db: SECUNIA | id: 36873

Trust: 1.7

db: JVNDB | id: JVNDB-2009-006418

Trust: 0.8

db: SECUNIA | id: 36925

Trust: 0.7

db: OSVDB | id: 58424

Trust: 0.6

db: XF | id: 53553

Trust: 0.6

db: BID | id: 36561

Trust: 0.6

db: CNNVD | id: CNNVD-200910-177

Trust: 0.6

db: BID | id: 79286

Trust: 0.3

db: PACKETSTORM | id: 81751

Trust: 0.1

db: PACKETSTORM | id: 81782

Trust: 0.1

sources: BID: 79286 // JVNDB: JVNDB-2009-006418 // PACKETSTORM: 81751 // PACKETSTORM: 81782 // CNNVD: CNNVD-200910-177 // NVD: CVE-2009-3655

REFERENCES

url:http://www.serv-u.com/releasenotes/

Trust: 2.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5798

Trust: 1.6

url:http://secunia.com/advisories/36873

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3655

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3655

Trust: 0.8

url:http://drupal.org/node/592490

Trust: 0.7

url:http://drupal.org/node/592470

Trust: 0.7

url:http://xforce.iss.net/xforce/xfdb/53553

Trust: 0.6

url:http://www.securityfocus.com/bid/36561

Trust: 0.6

url:http://secunia.com/advisories/36925

Trust: 0.6

url:http://osvdb.org/58424

Trust: 0.6

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/advisories/business_solutions/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/advisories/36925/

Trust: 0.1

url:http://secunia.com/advisories/36873/

Trust: 0.1

sources: BID: 79286 // JVNDB: JVNDB-2009-006418 // PACKETSTORM: 81751 // PACKETSTORM: 81782 // CNNVD: CNNVD-200910-177 // NVD: CVE-2009-3655

CREDITS

Unknown

Trust: 0.3

sources: BID: 79286

SOURCES

db: BID | id: 79286
db: JVNDB | id: JVNDB-2009-006418
db: PACKETSTORM | id: 81751
db: PACKETSTORM | id: 81782
db: CNNVD | id: CNNVD-200910-177
db: NVD | id: CVE-2009-3655

LAST UPDATE DATE

2024-11-23T21:47:43.685000+00:00


SOURCES UPDATE DATE

db: BID | id: 79286 | date: 2009-10-09T00:00:00
db: JVNDB | id: JVNDB-2009-006418 | date: 2012-12-20T00:00:00
db: CNNVD | id: CNNVD-200910-177 | date: 2020-07-29T00:00:00
db: NVD | id: CVE-2009-3655 | date: 2024-11-21T01:07:54.417

SOURCES RELEASE DATE

db: BID | id: 79286 | date: 2009-10-09T00:00:00
db: JVNDB | id: JVNDB-2009-006418 | date: 2012-12-20T00:00:00
db: PACKETSTORM | id: 81751 | date: 2009-10-01T13:53:27
db: PACKETSTORM | id: 81782 | date: 2009-10-02T13:30:07
db: CNNVD | id: CNNVD-200910-177 | date: 2009-10-09T00:00:00
db: NVD | id: CVE-2009-3655 | date: 2009-10-09T14:30:00.593