cvelistv5 - cve-2009-4006

CVE-2009-4006 (GCVE-0-2009-4006)

Vulnerability from cvelistv5 – Published: 2009-11-20 11:00 – Updated: 2024-08-07 06:45

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.osvdb.org/60427	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id?1023199	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/507955/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/secunia_research/2009-46/	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vupen.com/english/advisories/2009/3277	vdb-entryx_refsource_VUPEN
	http://www.serv-u.com/releasenotes/	x_refsource_MISC
	http://secunia.com/advisories/37228	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/37051	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:51.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "60427",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/60427"
          },
          {
            "name": "1023199",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023199"
          },
          {
            "name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-46/"
          },
          {
            "name": "oval:org.mitre.oval:def:6142",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
          },
          {
            "name": "ADV-2009-3277",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3277"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "name": "37228",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37228"
          },
          {
            "name": "37051",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37051"
          },
          {
            "name": "servu-tea-bo(54322)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "60427",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/60427"
        },
        {
          "name": "1023199",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023199"
        },
        {
          "name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-46/"
        },
        {
          "name": "oval:org.mitre.oval:def:6142",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
        },
        {
          "name": "ADV-2009-3277",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3277"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.serv-u.com/releasenotes/"
        },
        {
          "name": "37228",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37228"
        },
        {
          "name": "37051",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37051"
        },
        {
          "name": "servu-tea-bo(54322)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4006",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "60427",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/60427"
            },
            {
              "name": "1023199",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023199"
            },
            {
              "name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-46/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-46/"
            },
            {
              "name": "oval:org.mitre.oval:def:6142",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
            },
            {
              "name": "ADV-2009-3277",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3277"
            },
            {
              "name": "http://www.serv-u.com/releasenotes/",
              "refsource": "MISC",
              "url": "http://www.serv-u.com/releasenotes/"
            },
            {
              "name": "37228",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37228"
            },
            {
              "name": "37051",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37051"
            },
            {
              "name": "servu-tea-bo(54322)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4006",
    "datePublished": "2009-11-20T11:00:00",
    "dateReserved": "2009-11-19T00:00:00",
    "dateUpdated": "2024-08-07T06:45:51.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92DB160E-82FF-4360-970B-9DA8F8C80C7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97835C15-FDFA-4483-B8F5-062731E912B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64D43FB7-6D9C-46AE-9831-6C1A8CF8146E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE52F36F-FA2F-476C-9F30-5F74DC0F3D29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3D000B5-04D7-431C-AA2B-BC8D0475A518\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C74BAC99-DF37-4AE4-AF48-69C6E855CEC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E40D1816-BD4A-4405-8461-07DA732C5CE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CD3CE83-3E37-464C-A511-CDF7E735E58D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"243CCCC8-9860-4440-9E80-12668270F330\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E6D6DD1-D98B-46C1-921C-9B045C234377\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48FC2D20-D01F-43A7-B49D-6FAFB7889C5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"480EE765-C9AF-495E-810E-4153DC250F33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"955439D8-7449-4E82-9EB5-6379002E6D92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D6B101C-1058-45D7-A0B9-26C616691F04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7EC7360-6AD8-4689-A927-57881C4BF974\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF3956BE-95DE-4656-B987-796053032621\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"391013B0-D304-49AF-9FAB-89E9A4E16686\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A4BCC0E-1F1B-4956-BE5D-67FF788652EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9637A62-B1A9-41D1-905C-DA200DB5A4DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7FE5332-0928-4743-832D-D7E9AB86B5EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF325569-354C-4C70-A6EC-A8BFF1FF2AB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31756C9F-307A-4D1C-8534-5F919EA96C75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"104F5B91-6267-4B19-A791-FBC49E88B7AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"809D6AB1-13D5-4589-B564-570114A64AC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E986938-BE98-4D7A-9C92-4ED87968E0A9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de b\\u00fafer en la regi\\u00f3n stack de la memoria en el algoritmo de decodificaci\\u00f3n TEA en servidor FTP Serv-U  de RhinoSoft versiones 7.0.0.1, 9.0.0.5 y otras versiones anteriores a 9.1.0.0, permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario por medio de una cadena hexadecimal larga.\"}]",
      "id": "CVE-2009-4006",
      "lastModified": "2024-11-21T01:08:43.083",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-11-20T11:30:00.297",
      "references": "[{\"url\": \"http://secunia.com/advisories/37228\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/secunia_research/2009-46/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/60427\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/507955/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/37051\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1023199\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.serv-u.com/releasenotes/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3277\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/54322\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/37228\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/secunia_research/2009-46/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/60427\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/507955/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/37051\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1023199\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.serv-u.com/releasenotes/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3277\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/54322\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-4006\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-11-20T11:30:00.297\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el algoritmo de decodificaci\u00f3n TEA en servidor FTP Serv-U  de RhinoSoft versiones 7.0.0.1, 9.0.0.5 y otras versiones anteriores a 9.1.0.0, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una cadena hexadecimal larga.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92DB160E-82FF-4360-970B-9DA8F8C80C7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97835C15-FDFA-4483-B8F5-062731E912B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64D43FB7-6D9C-46AE-9831-6C1A8CF8146E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE52F36F-FA2F-476C-9F30-5F74DC0F3D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D000B5-04D7-431C-AA2B-BC8D0475A518\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C74BAC99-DF37-4AE4-AF48-69C6E855CEC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E40D1816-BD4A-4405-8461-07DA732C5CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CD3CE83-3E37-464C-A511-CDF7E735E58D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"243CCCC8-9860-4440-9E80-12668270F330\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E6D6DD1-D98B-46C1-921C-9B045C234377\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48FC2D20-D01F-43A7-B49D-6FAFB7889C5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"480EE765-C9AF-495E-810E-4153DC250F33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"955439D8-7449-4E82-9EB5-6379002E6D92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D6B101C-1058-45D7-A0B9-26C616691F04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7EC7360-6AD8-4689-A927-57881C4BF974\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF3956BE-95DE-4656-B987-796053032621\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"391013B0-D304-49AF-9FAB-89E9A4E16686\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A4BCC0E-1F1B-4956-BE5D-67FF788652EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9637A62-B1A9-41D1-905C-DA200DB5A4DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7FE5332-0928-4743-832D-D7E9AB86B5EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF325569-354C-4C70-A6EC-A8BFF1FF2AB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31756C9F-307A-4D1C-8534-5F919EA96C75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"104F5B91-6267-4B19-A791-FBC49E88B7AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"809D6AB1-13D5-4589-B564-570114A64AC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E986938-BE98-4D7A-9C92-4ED87968E0A9\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/37228\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/secunia_research/2009-46/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/60427\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/507955/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/37051\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1023199\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.serv-u.com/releasenotes/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3277\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54322\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/37228\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/secunia_research/2009-46/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/60427\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/507955/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/37051\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1023199\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.serv-u.com/releasenotes/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3277\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/54322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-3VHM-28VH-HWW9

Vulnerability from github – Published: 2022-05-02 03:50 – Updated: 2025-04-09 04:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-4006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-11-20T11:30:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.",
  "id": "GHSA-3vhm-28vh-hww9",
  "modified": "2025-04-09T04:16:30Z",
  "published": "2022-05-02T03:50:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4006"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37228"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/secunia_research/2009-46"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/60427"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37051"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023199"
    },
    {
      "type": "WEB",
      "url": "http://www.serv-u.com/releasenotes"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3277"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200911-0180

Vulnerability from variot - Updated: 2023-12-18 12:11

Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string. RhinoSoft Serv-U FTP Server is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Serv-U 9.0.0.5 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: RhinoSoft Serv-U Cookie Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA37228

VERIFY ADVISORY: http://secunia.com/advisories/37228/

DESCRIPTION: Nikolas Rangos has discovered a vulnerability in Serv-U, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the included HTTP server when processing certain cookies. This can be exploited to cause a stack-based buffer overflow by sending a malicious HTTP request containing a specially crafted cookie to the server.

The vulnerability is confirmed in version 9.0.0.5.

SOLUTION: Filter malicious requests using a proxy.

PROVIDED AND/OR DISCOVERED BY: Nikolaos Rangos, KC Security.

ORIGINAL ADVISORY: http://www.rangos.de/ServU-ADV.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200911-0180",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "8.0.0.4"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.3.0.2"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.0.0.4"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.0.0.2"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.4.0.1"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "8.0.0.5"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.0.0.3"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.3.0.1"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.1.0.1"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "9.1.0.0"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.1.0.2"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.0.0.1"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "8.2.0.0"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "8.0.0.7"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "8.0.0.1"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "8.2.0.1"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "9.0.0.3"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.2.0.1"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "9.0.0.5"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.2.0.0"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.1.0.0"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.3.0.0"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "7.4.0.0"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "9.0.0.1"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "8.2.0.3"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "8.1.0.1"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "8.0.0.2"
      },
      {
        "model": "serv-u file server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "solarwinds",
        "version": "8.1.0.3"
      },
      {
        "model": "serv-u ftp server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rhino",
        "version": "7.0.0.1"
      },
      {
        "model": "serv-u ftp server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "rhino",
        "version": "9.0.0.5 and  9.1.0.0"
      },
      {
        "model": "serv-u",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "serv u",
        "version": "9.0.0.3"
      },
      {
        "model": "serv-u",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "serv u",
        "version": "8.1.0.3"
      },
      {
        "model": "serv-u",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "serv u",
        "version": "9.0.0.1"
      },
      {
        "model": "serv-u",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "serv u",
        "version": "9.0.0.5"
      },
      {
        "model": "serv-u",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "serv u",
        "version": "9.1.0.0"
      },
      {
        "model": "serv-u",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "serv u",
        "version": "8.2.0.1"
      },
      {
        "model": "serv-u",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "serv u",
        "version": "8.1.0.1"
      },
      {
        "model": "serv-u",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "serv u",
        "version": "8.0.0.4"
      },
      {
        "model": "serv-u",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "serv u",
        "version": "8.2.0.0"
      },
      {
        "model": "serv-u",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "serv u",
        "version": "8.0.0.1"
      },
      {
        "model": "software serv-u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rhino",
        "version": "9.0.5"
      },
      {
        "model": "software serv-u",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rhino",
        "version": "9.0.0.1"
      },
      {
        "model": "software serv-u",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rhino",
        "version": "9.1.0.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "37051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006477"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-216"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-4006"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secunia",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "82525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-216"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2009-4006",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2009-4006",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-4006",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200911-216",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006477"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-216"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string. RhinoSoft Serv-U FTP Server is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nServ-U 9.0.0.5 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nRhinoSoft Serv-U Cookie Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA37228\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/37228/\n\nDESCRIPTION:\nNikolas Rangos has discovered a vulnerability in Serv-U, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error within the\nincluded HTTP server when processing certain cookies. This can be\nexploited to cause a stack-based buffer overflow by sending a\nmalicious HTTP request containing a specially crafted cookie to the\nserver. \n\nThe vulnerability is confirmed in version 9.0.0.5. \n\nSOLUTION:\nFilter malicious requests using a proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nNikolaos Rangos, KC Security. \n\nORIGINAL ADVISORY:\nhttp://www.rangos.de/ServU-ADV.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-4006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006477"
      },
      {
        "db": "BID",
        "id": "37051"
      },
      {
        "db": "PACKETSTORM",
        "id": "82525"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-4006",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "37051",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "37228",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1023199",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3277",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "60427",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006477",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-216",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "82525",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "37051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006477"
      },
      {
        "db": "PACKETSTORM",
        "id": "82525"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-216"
      }
    ]
  },
  "id": "VAR-200911-0180",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2023-12-18T12:11:28.523000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Serv-U FTP Server Release Notes",
        "trust": 0.8,
        "url": "http://www.serv-u.com/releasenotes/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006477"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006477"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4006"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/37228"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/secunia_research/2009-46/"
      },
      {
        "trust": 1.6,
        "url": "http://www.osvdb.org/60427"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/37051"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id?1023199"
      },
      {
        "trust": 1.6,
        "url": "http://www.serv-u.com/releasenotes/"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2009/3277"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
      },
      {
        "trust": 1.6,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6142"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4006"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4006"
      },
      {
        "trust": 0.3,
        "url": "http://www.serv-u.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/507955"
      },
      {
        "trust": 0.1,
        "url": "http://www.rangos.de/servu-adv.txt"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/37228/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "37051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006477"
      },
      {
        "db": "PACKETSTORM",
        "id": "82525"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-216"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "37051"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006477"
      },
      {
        "db": "PACKETSTORM",
        "id": "82525"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-4006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-216"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-11-18T00:00:00",
        "db": "BID",
        "id": "37051"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-006477"
      },
      {
        "date": "2009-11-06T13:23:17",
        "db": "PACKETSTORM",
        "id": "82525"
      },
      {
        "date": "2009-11-20T11:30:00.297000",
        "db": "NVD",
        "id": "CVE-2009-4006"
      },
      {
        "date": "2009-11-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200911-216"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-11-18T17:56:00",
        "db": "BID",
        "id": "37051"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-006477"
      },
      {
        "date": "2020-07-28T14:46:59.837000",
        "db": "NVD",
        "id": "CVE-2009-4006"
      },
      {
        "date": "2020-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200911-216"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-216"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RhinoSoft Serv-U FTP Server  TEA Decoding algorithm stack-based buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-006477"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200911-216"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2009-4006

Vulnerability from fkie_nvd - Published: 2009-11-20 11:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/37228	Vendor Advisory
cve@mitre.org	http://secunia.com/secunia_research/2009-46/	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/60427
cve@mitre.org	http://www.securityfocus.com/archive/1/507955/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/37051
cve@mitre.org	http://www.securitytracker.com/id?1023199
cve@mitre.org	http://www.serv-u.com/releasenotes/
cve@mitre.org	http://www.vupen.com/english/advisories/2009/3277	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/54322
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37228	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2009-46/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/60427
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507955/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37051
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023199
af854a3a-2127-422b-91ae-364da2661108	http://www.serv-u.com/releasenotes/
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3277	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/54322
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142

Impacted products

Vendor	Product	Version
solarwinds	serv-u_file_server	7.0.0.1
solarwinds	serv-u_file_server	7.0.0.2
solarwinds	serv-u_file_server	7.0.0.3
solarwinds	serv-u_file_server	7.0.0.4
solarwinds	serv-u_file_server	7.1.0.0
solarwinds	serv-u_file_server	7.1.0.1
solarwinds	serv-u_file_server	7.1.0.2
solarwinds	serv-u_file_server	7.2.0.0
solarwinds	serv-u_file_server	7.2.0.1
solarwinds	serv-u_file_server	7.3.0.0
solarwinds	serv-u_file_server	7.3.0.1
solarwinds	serv-u_file_server	7.3.0.2
solarwinds	serv-u_file_server	7.4.0.0
solarwinds	serv-u_file_server	7.4.0.1
solarwinds	serv-u_file_server	8.0.0.1
solarwinds	serv-u_file_server	8.0.0.2
solarwinds	serv-u_file_server	8.0.0.4
solarwinds	serv-u_file_server	8.0.0.5
solarwinds	serv-u_file_server	8.0.0.7
solarwinds	serv-u_file_server	8.1.0.1
solarwinds	serv-u_file_server	8.1.0.3
solarwinds	serv-u_file_server	8.2.0.0
solarwinds	serv-u_file_server	8.2.0.1
solarwinds	serv-u_file_server	8.2.0.3
solarwinds	serv-u_file_server	9.0.0.1
solarwinds	serv-u_file_server	9.0.0.3
solarwinds	serv-u_file_server	9.0.0.5
solarwinds	serv-u_file_server	9.1.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48FC2D20-D01F-43A7-B49D-6FAFB7889C5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CEF9A0E-7D4E-42CA-AD6F-B6F18CA3CFB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "480EE765-C9AF-495E-810E-4153DC250F33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "955439D8-7449-4E82-9EB5-6379002E6D92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D6B101C-1058-45D7-A0B9-26C616691F04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EC7360-6AD8-4689-A927-57881C4BF974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF3956BE-95DE-4656-B987-796053032621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "391013B0-D304-49AF-9FAB-89E9A4E16686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A4BCC0E-1F1B-4956-BE5D-67FF788652EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9637A62-B1A9-41D1-905C-DA200DB5A4DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7FE5332-0928-4743-832D-D7E9AB86B5EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF325569-354C-4C70-A6EC-A8BFF1FF2AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31756C9F-307A-4D1C-8534-5F919EA96C75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "104F5B91-6267-4B19-A791-FBC49E88B7AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "809D6AB1-13D5-4589-B564-570114A64AC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E986938-BE98-4D7A-9C92-4ED87968E0A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el algoritmo de decodificaci\u00f3n TEA en servidor FTP Serv-U  de RhinoSoft versiones 7.0.0.1, 9.0.0.5 y otras versiones anteriores a 9.1.0.0, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una cadena hexadecimal larga."
    }
  ],
  "id": "CVE-2009-4006",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-11-20T11:30:00.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37228"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-46/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/60427"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37051"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1023199"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.serv-u.com/releasenotes/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3277"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2009-46/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/60427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.serv-u.com/releasenotes/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-4006

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-4006

Aliases

CVE-2009-4006

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-4006",
    "description": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.",
    "id": "GSD-2009-4006"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-4006"
      ],
      "details": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.",
      "id": "GSD-2009-4006",
      "modified": "2023-12-13T01:19:45.798088Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-4006",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "60427",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/60427"
          },
          {
            "name": "1023199",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1023199"
          },
          {
            "name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
          },
          {
            "name": "http://secunia.com/secunia_research/2009-46/",
            "refsource": "MISC",
            "url": "http://secunia.com/secunia_research/2009-46/"
          },
          {
            "name": "oval:org.mitre.oval:def:6142",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
          },
          {
            "name": "ADV-2009-3277",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/3277"
          },
          {
            "name": "http://www.serv-u.com/releasenotes/",
            "refsource": "MISC",
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "name": "37228",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37228"
          },
          {
            "name": "37051",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37051"
          },
          {
            "name": "servu-tea-bo(54322)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:9.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:8.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:solarwinds:serv-u_file_server:9.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4006"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1023199",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1023199"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-46/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/secunia_research/2009-46/"
            },
            {
              "name": "ADV-2009-3277",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3277"
            },
            {
              "name": "37051",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/37051"
            },
            {
              "name": "60427",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/60427"
            },
            {
              "name": "37228",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/37228"
            },
            {
              "name": "http://www.serv-u.com/releasenotes/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.serv-u.com/releasenotes/"
            },
            {
              "name": "servu-tea-bo(54322)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54322"
            },
            {
              "name": "oval:org.mitre.oval:def:6142",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142"
            },
            {
              "name": "20091118 Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/507955/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-07-28T14:46Z",
      "publishedDate": "2009-11-20T11:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-4006 (GCVE-0-2009-4006)

GHSA-3VHM-28VH-HWW9

VAR-200911-0180

FKIE_CVE-2009-4006

GSD-2009-4006

Tags

Sightings

Nomenclature