CVE-2004-1675

Description

Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.

Affected products

• SolarWinds / Serv-U File Server4.0.0.4 – 4.0.0.4
• SolarWinds / Serv-U File Server4.1.0.0 – 4.1.0.0
• SolarWinds / Serv-U File Server4.1.0.3 – 4.1.0.3
• SolarWinds / Serv-U File Server5.0.0.0 – 5.0.0.0
• SolarWinds / Serv-U File Server5.0.0.4 – 5.0.0.4
• SolarWinds / Serv-U File Server5.0.0.9 – 5.0.0.9
• SolarWinds / Serv-U File Server5.0.0.11 – 5.0.0.11
• SolarWinds / Serv-U File Server5.1.0.0 – 5.1.0.0
• SolarWinds / Serv-U File Server5.2.0.0 – 5.2.0.0
• SolarWinds / Serv-U File Server5.2.0.1 – 5.2.0.1

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17329
• VENDOR_ADVISORYhttp://secunia.com/advisories/12507/
• MISChttp://www.securityfocus.com/bid/11155
• MAILING_LISThttp://marc.info/?l=bugtraq&m=109495074211638&w=2