ID

VAR-200911-0180


CVE

CVE-2009-4006


TITLE

RhinoSoft Serv-U FTP Server TEA Decoding algorithm stack-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-006477

DESCRIPTION

Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.

RhinoSoft Serv-U FTP Server is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Serv-U 9.0.0.5 is vulnerable; other versions may also be affected.

----------------------------------------------------------------------

TITLE: RhinoSoft Serv-U Cookie Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA37228

VERIFY ADVISORY: http://secunia.com/advisories/37228/

DESCRIPTION: Nikolas Rangos has discovered a vulnerability in Serv-U, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the included HTTP server when processing certain cookies. This can be exploited to cause a stack-based buffer overflow by sending a malicious HTTP request containing a specially crafted cookie to the server. The vulnerability is confirmed in version 9.0.0.5.

SOLUTION: Filter malicious requests using a proxy.

PROVIDED AND/OR DISCOVERED BY: Nikolaos Rangos, KC Security.

ORIGINAL ADVISORY: http://www.rangos.de/ServU-ADV.txt

Trust: 1.98

sources: NVD: CVE-2009-4006 // JVNDB: JVNDB-2009-006477 // BID: 37051 // PACKETSTORM: 82525

AFFECTED PRODUCTS

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.0.0.5

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.1.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.0.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.2.0.3

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.0.0.3

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.0.0.4

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.1.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.0.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.0.0.2

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.4.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.1.0.3

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.0.0.4

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 9.0.0.3

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.4.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 9.0.0.5

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.2.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.3.0.2

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.3.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.2.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 9.1.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.2.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.2.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.0.0.2

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.1.0.0

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.1.0.2

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 9.0.0.1

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 8.0.0.7

Trust: 1.0

vendor: solarwinds | model: serv-u file server | scope: eq | version: 7.3.0.1

Trust: 1.0

vendor: rhino | model: serv-u ftp server | scope: eq | version: 7.0.0.1

Trust: 0.8

vendor: rhino | model: serv-u ftp server | scope: lt | version: 9.0.0.5 and 9.1.0.0

Trust: 0.8

vendor: serv u | model: serv-u | scope: eq | version: 9.0.0.3

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.1.0.3

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 9.0.0.1

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 9.0.0.5

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 9.1.0.0

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.2.0.1

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.1.0.1

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.0.0.4

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.2.0.0

Trust: 0.6

vendor: serv u | model: serv-u | scope: eq | version: 8.0.0.1

Trust: 0.6

vendor: rhino | model: software serv-u | scope: eq | version: 9.0.5

Trust: 0.3

vendor: rhino | model: software serv-u | scope: eq | version: 9.0.0.1

Trust: 0.3

vendor: rhino | model: software serv-u | scope: ne | version: 9.1.0.0

Trust: 0.3

sources: BID: 37051 // JVNDB: JVNDB-2009-006477 // CNNVD: CNNVD-200911-216 // NVD: CVE-2009-4006

CVSS

SEVERITY

nvd@nist.gov: CVE-2009-4006
value: HIGH

Trust: 1.0

NVD: CVE-2009-4006
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200911-216
value: CRITICAL

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2009-4006
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2009-006477 // CNNVD: CNNVD-200911-216 // NVD: CVE-2009-4006

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2009-006477 // NVD: CVE-2009-4006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200911-216

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200911-216

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-006477

PATCH

title: Serv-U FTP Server Release Notes | url: http://www.serv-u.com/releasenotes/

Trust: 0.8

sources: JVNDB: JVNDB-2009-006477

EXTERNAL IDS

db: NVD | id: CVE-2009-4006

Trust: 2.4

db: BID | id: 37051

Trust: 1.9

db: SECUNIA | id: 37228

Trust: 1.7

db: OSVDB | id: 60427

Trust: 1.6

db: VUPEN | id: ADV-2009-3277

Trust: 1.6

db: SECTRACK | id: 1023199

Trust: 1.6

db: JVNDB | id: JVNDB-2009-006477

Trust: 0.8

db: CNNVD | id: CNNVD-200911-216

Trust: 0.6

db: PACKETSTORM | id: 82525

Trust: 0.1

sources: BID: 37051 // JVNDB: JVNDB-2009-006477 // PACKETSTORM: 82525 // CNNVD: CNNVD-200911-216 // NVD: CVE-2009-4006

REFERENCES

url:http://www.securityfocus.com/archive/1/507955/100/0/threaded

Trust: 1.6

url:http://www.vupen.com/english/advisories/2009/3277

Trust: 1.6

url:http://www.securitytracker.com/id?1023199

Trust: 1.6

url:http://secunia.com/advisories/37228

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/54322

Trust: 1.6

url:http://www.osvdb.org/60427

Trust: 1.6

url:http://www.serv-u.com/releasenotes/

Trust: 1.6

url:http://secunia.com/secunia_research/2009-46/

Trust: 1.6

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6142

Trust: 1.6

url:http://www.securityfocus.com/bid/37051

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4006

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4006

Trust: 0.8

url:http://www.serv-u.com/

Trust: 0.3

url:/archive/1/507955

Trust: 0.3

url:http://www.rangos.de/servu-adv.txt

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/advisories/37228/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: BID: 37051 // JVNDB: JVNDB-2009-006477 // PACKETSTORM: 82525 // CNNVD: CNNVD-200911-216 // NVD: CVE-2009-4006

CREDITS

Secunia

Trust: 0.7

sources: PACKETSTORM: 82525 // CNNVD: CNNVD-200911-216

SOURCES

db: BID | id: 37051
db: JVNDB | id: JVNDB-2009-006477
db: PACKETSTORM | id: 82525
db: CNNVD | id: CNNVD-200911-216
db: NVD | id: CVE-2009-4006

LAST UPDATE DATE

2024-11-23T22:27:44.655000+00:00


SOURCES UPDATE DATE

db: BID | id: 37051 | date: 2009-11-18T17:56:00
db: JVNDB | id: JVNDB-2009-006477 | date: 2012-12-20T00:00:00
db: CNNVD | id: CNNVD-200911-216 | date: 2020-07-29T00:00:00
db: NVD | id: CVE-2009-4006 | date: 2024-11-21T01:08:43.083

SOURCES RELEASE DATE

db: BID | id: 37051 | date: 2009-11-18T00:00:00
db: JVNDB | id: JVNDB-2009-006477 | date: 2012-12-20T00:00:00
db: PACKETSTORM | id: 82525 | date: 2009-11-06T13:23:17
db: CNNVD | id: CNNVD-200911-216 | date: 2009-11-20T00:00:00
db: NVD | id: CVE-2009-4006 | date: 2009-11-20T11:30:00.297