5

CVE-2005-3467

Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon.  NOTE: it is not clear whether items (2) and above are vulnerabilities.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SolarwindsServ-u File Server Version <= 6.1.0.1
SolarwindsServ-u File Server Version3.0.0.16
SolarwindsServ-u File Server Version3.0.0.17
SolarwindsServ-u File Server Version3.1.0.0
SolarwindsServ-u File Server Version3.1.0.1
SolarwindsServ-u File Server Version3.1.0.3
SolarwindsServ-u File Server Version4.0.0.4
SolarwindsServ-u File Server Version4.1.0.0
SolarwindsServ-u File Server Version4.1.0.3
SolarwindsServ-u File Server Version5.0.0.0
SolarwindsServ-u File Server Version5.0.0.4
SolarwindsServ-u File Server Version5.0.0.9
SolarwindsServ-u File Server Version5.0.0.11
SolarwindsServ-u File Server Version5.1.0.0
SolarwindsServ-u File Server Version5.2.0.0
SolarwindsServ-u File Server Version5.2.0.1
SolarwindsServ-u File Server Version6.0.0.0
SolarwindsServ-u File Server Version6.0.0.1
SolarwindsServ-u File Server Version6.0.0.2
SolarwindsServ-u File Server Version6.1.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.41% 0.819
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/17409
Patch
Vendor Advisory
http://securitytracker.com/id?1015151
http://www.securityfocus.com/bid/15273
http://www.serv-u.com/releasenotes.asp
http://www.vupen.com/english/advisories/2005/2267