Denial of Service in Serv-U FTP Server by Authenticated Users
CVE-2008-4500

Currently unrated

Key Information:

Vendor
SolarWinds
CVE Published:
9 October 2008

Summary

The Serv-U FTP Server is prone to a denial of service vulnerability that allows remote authenticated users to trigger excessive CPU consumption. This is achieved by sending a specially crafted STOR command, which exploits the handling of MS-DOS device names, notably through the identifier 'con:1'. Successful exploitation may lead to degradation of service and impact availability. Organizations using affected versions should promptly assess their security posture and apply necessary mitigations.
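
As a defensive illustration of the device-name handling described above (an added example, not code from the vendor or from this advisory), the following check flags STOR arguments whose path components resolve to a reserved MS-DOS device name such as 'con:1'. The function names, the conservative rule of discarding everything after the first ':' or '.', and the sample command lines are assumptions constructed for this example.

```python
import re
from typing import List, Optional, Tuple

# Reserved MS-DOS device names on Windows, compared case-insensitively.
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)),
            *(f"LPT{i}" for i in range(1, 10))}

def device_name_in(path: str) -> Optional[str]:
    """Return the reserved device name found in any path component, else None."""
    for part in re.split(r"[\\/]+", path):
        # Conservative policy (assumption): drop everything after the first
        # ':' or '.', then trailing spaces, so 'con:1', 'NUL.txt' and 'aux '
        # are all treated as device names. A drive prefix such as 'C:' is
        # reduced to 'C' and does not match.
        base = re.split(r"[:.]", part, maxsplit=1)[0].rstrip(" ").upper()
        if base in RESERVED:
            return base
    return None

def flag_stor_commands(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (argument, device) for each STOR command naming a device."""
    hits = []
    for line in lines:
        verb, _, arg = line.strip().partition(" ")
        if verb.upper() == "STOR":
            dev = device_name_in(arg)
            if dev:
                hits.append((arg, dev))
    return hits

# Constructed FTP control-channel lines, for illustration only.
SAMPLE = [
    "USER alice",
    "STOR report.pdf",
    "STOR con:1",
    "STOR uploads/Contact.txt",
    "STOR uploads\\nul.txt",
    "RETR con:1",
]

if __name__ == "__main__":
    for arg, dev in flag_stor_commands(SAMPLE):
        print(f"reject STOR {arg!r}: reserved device name {dev}")
```

The same predicate can run as an upload filter in front of the server or as a search over FTP command logs.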

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
