Signature Detail
Short Name |
FTP:SERVU:STOU-DOS |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
FTP |
Keywords |
Serv-U 'STOU' Command Denial of Service |
Release Date |
2005/01/19 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
FTP: Serv-U 'STOU' Command Denial of Service
This signature detects an attempt to exploit a denial of service condition in the Serv-U FTP daemon. By supplying a STOU request containing a MS-DOS device name, a client can cause the server to crash.
Extended Description
Serv-U FTP Server is reported prone to a denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions. The vulnerability is a result of Serv-U FTP Server processing certain 'STOU' commands. All versions of Serv-U prior to 5.2.0.1 are reportedly affected by this vulnerability.
Affected Products
- Rhino Software Serv-U 3.0.0
- Rhino Software Serv-U 3.1.0
- Rhino Software Serv-U 4.0.0 .0.4
- Rhino Software Serv-U 4.1.0
- Rhino Software Serv-U 4.1.0 .0.11
- Rhino Software Serv-U 4.2.0
- Rhino Software Serv-U 5.0.0 .0.4
- Rhino Software Serv-U 5.0.0 .0.6
- Rhino Software Serv-U 5.0.0 .0.9
- Rhino Software Serv-U 5.1.0 .0
- Rhino Software Serv-U 5.2.0 .0.0
References
- BugTraq: 11155
- CVE: CVE-2004-1675
- URL: http://www.securityfocus.com/bid/11155