Serv-U STOU Multiple Command Remote DoS

2004-09-11T00:00:00
ID OSVDB:9898
Type osvdb
Reporter Patrick(patrickthomassen@gmail.com)
Modified 2004-09-11T00:00:00

Description

Vulnerability Description

Serv-U FTP server contains a flaw that may allow a remote denial of service.
The issue is triggered when a COM1, LPT1, PRN or AUX argument is passed via the "STOU" command, and will result in loss of availability for the service.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Restrict access to the FTP server.
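
Where access cannot be restricted completely, the triggering input can be screened in front of the server. The following is an added example, not part of the original advisory or of Serv-U: a check that an FTP proxy or log monitor could apply to control-channel lines. The function names and sample lines are constructed for illustration, and the reserved-name set goes beyond the four names the advisory lists, as a precaution.

```python
import re

# Windows reserved device names. The advisory names COM1, LPT1, PRN and AUX;
# the remaining names are included as a precaution (assumption, not from the advisory).
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})


def is_reserved_device(arg):
    """True if the last path component of arg maps to a DOS device name.

    Windows ignores the extension, a trailing colon and trailing spaces
    when resolving these names, so "lpt1.txt" and "PRN " also match.
    """
    component = re.split(r"[\\/]", arg.strip())[-1]
    stem = re.split(r"[.:]", component, maxsplit=1)[0].strip().upper()
    return stem in RESERVED


def check_command(line, verbs=("STOU",)):
    """Return (allow, reason) for one raw FTP control-channel line.

    Only the verbs in `verbs` are inspected; the default matches the
    command named in the advisory.
    """
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    verb = verb.upper()
    if verb not in verbs:
        return True, "not inspected"
    if is_reserved_device(arg):
        return False, f"{verb} with reserved device name"
    return True, "ok"


def screen(lines):
    """Return the lines that would be rejected or alerted on."""
    return [l for l in lines if not check_command(l)[0]]


# Constructed sample of control-channel lines (not captured traffic).
SAMPLE = ["USER demo\r\n", "STOU report.txt\r\n", "stou aux\r\n",
          "STOU uploads/LPT1.txt\r\n", "STOU COM10\r\n", "STOU\r\n"]

if __name__ == "__main__":
    for blocked in screen(SAMPLE):
        print("blocked:", blocked.strip())
```

Passing a wider `verbs` tuple applies the same check to other commands that take a file name.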

References:

Vendor URL: http://www.serv-u.com/
Security Tracker: 1011219
Secunia Advisory ID: 12507
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0097.html
CVE-2004-1675