Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1675

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1675
Last Modified 28 Apr 2010 09:22:22
Published 11 Sep 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1675

Summary

Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.

Vulnerable Systems

Application

  • Serv-u 4.0.0.4

  • Serv-u 4.1.0.0

  • Serv-u 4.1.0.3

  • Serv-u 5.0.0.0

  • Serv-u 5.0.0.11

  • Serv-u 5.0.0.4

  • Serv-u 5.0.0.9

  • Serv-u 5.1.0.0

  • Serv-u 5.2.0.0

  • Serv-u 5.2.0.1


References

BID - 11155

SECUNIA - 12507

XF - servu-stou-dos(17329)

BUGTRAQ - 20040911 Serv-U up to 5.2 Denial of Service


Last Updated: 27 May 2016 10:39:08