Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2004-1992
Last Modified: 28 Apr 2010 09:23:34
Published: 20 Apr 2004 12:00:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-1992

Summary

Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read.

Vulnerable Systems

Application

  • Serv-U 3.0.0.16
  • Serv-U 3.0.0.17
  • Serv-U 3.1.0.0
  • Serv-U 3.1.0.1
  • Serv-U 3.1.0.3
  • Serv-U 4.0.0.4
  • Serv-U 4.1.0.0
  • Serv-U 4.1.0.3
  • Serv-U 5.0.0.0
  • Serv-U 5.0.0.4


References

XF - servu-list-command-bo(15913)

SECUNIA - 11430

BID - 10181

MISC - http://www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html

OSVDB - 5546

SECTRACK - 1009869

NTBUGTRAQ - 20040503 Serv-U LIST -l Parameter Buffer Overflow


Last Updated: 27 May 2016 10:39:16