var-200903-0362
Vulnerability from variot
The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument. RhinoSoft Serv-U is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue will allow attackers to deny service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Serv-U 7.4.0.1 is vulnerable; other versions may also be affected
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200903-0362", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.3" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.4" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.1.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.0.0.2" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.0" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.4.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.2.0.1" }, { "model": "serv-u file server", "scope": "eq", "trust": 1.0, "vendor": "solarwinds", "version": "7.3.0.2" }, { "model": "serv-u ftp server", "scope": "eq", "trust": 0.8, "vendor": "rhino", "version": "7.0.0.1 to 7.4.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.4.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.4.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.2.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.2.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.3" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.0" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.1" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.3.0.2" }, { "model": "serv-u", "scope": "eq", "trust": 0.6, "vendor": "serv u", "version": "7.0.0.1" }, { "model": "software serv-u", "scope": "eq", "trust": 0.3, "vendor": "rhino", "version": "7.4.0.1" } ], "sources": [ { "db": "BID", "id": "34127" }, { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "CNNVD", "id": "CNNVD-200903-324" }, { "db": "NVD", "id": "CVE-2009-0967" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:serv-u:serv-u", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005892" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jonathan Salwan submit@shell-storm.org", "sources": [ { "db": "CNNVD", "id": "CNNVD-200903-324" } ], "trust": 0.6 }, "cve": "CVE-2009-0967", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2009-0967", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2009-0967", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2009-0967", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200903-324", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "CNNVD", "id": "CNNVD-200903-324" }, { "db": "NVD", "id": "CVE-2009-0967" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authenticated users to cause a denial of service (service hang) via a large number of SMNT commands without an argument. RhinoSoft Serv-U is prone to a remote denial-of-service vulnerability. \nSuccessfully exploiting this issue will allow attackers to deny service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. \nServ-U 7.4.0.1 is vulnerable; other versions may also be affected", "sources": [ { "db": "NVD", "id": "CVE-2009-0967" }, { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "BID", "id": "34127" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-0967", "trust": 2.4 }, { "db": "BID", "id": "34127", "trust": 1.9 }, { "db": "EXPLOIT-DB", "id": "8212", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2009-005892", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200903-324", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "34127" }, { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "CNNVD", "id": "CNNVD-200903-324" }, { "db": "NVD", "id": "CVE-2009-0967" } ] }, "id": "VAR-200903-0362", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T23:13:07.853000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.serv-u.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005892" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "NVD", "id": "CVE-2009-0967" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49260" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/34127" }, { "trust": 1.6, "url": "https://www.exploit-db.com/exploits/8212" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0967" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0967" }, { "trust": 0.3, "url": "http://www.serv-u.com/" } ], "sources": [ { "db": "BID", "id": "34127" }, { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "CNNVD", "id": "CNNVD-200903-324" }, { "db": "NVD", "id": "CVE-2009-0967" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "34127" }, { "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "db": "CNNVD", "id": "CNNVD-200903-324" }, { "db": "NVD", "id": "CVE-2009-0967" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-03-16T00:00:00", "db": "BID", "id": "34127" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "date": "2009-03-19T00:00:00", "db": "CNNVD", "id": "CNNVD-200903-324" }, { "date": "2009-03-19T10:30:00.530000", "db": "NVD", "id": "CVE-2009-0967" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-11-20T17:05:00", "db": "BID", "id": "34127" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-005892" }, { "date": "2020-07-29T00:00:00", "db": "CNNVD", "id": "CNNVD-200903-324" }, { "date": "2024-11-21T01:01:21.797000", "db": "NVD", "id": "CVE-2009-0967" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200903-324" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Serv-U of FTP Service disruption at the server (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-005892" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200903-324" } ], "trust": 0.6 } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.