Serv-U FTP Server STOU denial of service
| servu-stou-dos (17329) |  Medium Risk |
Description:
Serv-U FTP is vulnerable to a denial of service attack, caused by improper validation of arguments. A remote attacker could send a specially crafted STOU command containing a reserved DOS device name to cause the service to crash.
Consequences:
Denial of Service
Remedy:
No remedy available as of July 17, 2010.
References:
- Serv-U Web site: Serv-U, The Industry's Most Popular FTP Server.
- BID-11155: RhinoSoft Serv-U FTP Server Remote Denial Of Service Vulnerability
- CVE-2004-1675: Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.
- OSVDB ID: 9898: Serv-U FTP Server STOU Command MS-DOS Argument Remote DoS
- SA12507: Serv-U FTP Server "STOU" Command Denial of Service Vulnerability
Platforms Affected:
- Rhino Software Serv-U FTP Server 3.0
- Rhino Software Serv-U FTP Server 3.1
- Rhino Software Serv-U FTP Server 4.0.0.4
- Rhino Software Serv-U FTP Server 4.1
- Rhino Software Serv-U FTP Server 4.1.0.11
- Rhino Software Serv-U FTP Server 4.2
- Rhino Software Serv-U FTP Server 5.0.0.4
- Rhino Software Serv-U FTP Server 5.0.0.6
- Rhino Software Serv-U FTP Server 5.0.0.9
- Rhino Software Serv-U FTP Server 5.1.0
- Rhino Software Serv-U FTP Server 5.2.0
Reported:
Sep 13, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this