PT-2008-5733 · Solarwinds · Serv-U

Dmnt

Published

2008-10-08

Updated

2020-07-28

CVE-2008-4500

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Serv-U versions 7.0.0.1 through 7.3

Description: The issue allows remote authenticated users to cause a denial of service, specifically CPU consumption, by sending a crafted stou command. This is likely related to the handling of MS-DOS device names. An example of such a crafted command includes using "con:1".

Recommendations: For Serv-U versions 7.0.0.1 through 7.3, consider restricting access to the stou command as a temporary workaround until a patch is available. Avoid using MS-DOS device names in commands to minimize the risk of exploitation.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-4500

Affected Products

Serv-U

PT-2008-5733 · Solarwinds · Serv-U

CVE-2008-4500

Weakness Enumeration

Related Identifiers

Affected Products

References · 7