Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0330

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0330
Last Modified 28 Apr 2010 09:21:13
Published 23 Nov 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0330

Summary

Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.

Vulnerable Systems

Application

  • Serv-u 3.0.0.16

  • Serv-u 3.0.0.17

  • Serv-u 3.1.0.0

  • Serv-u 3.1.0.1

  • Serv-u 3.1.0.3

  • Serv-u 4.0.0.4

  • Serv-u 4.1.0.0

  • Serv-u 4.1.0.3

  • Serv-u 5.0.0.0


References

XF - servu-mdtm-bo(15323)

BID - 9751

MISC - http://www.cnhonker.com/advisory/serv-u.mdtm.txt

BUGTRAQ - 20040226 [vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability


Last Updated: 27 May 2016 10:38:34