CVE-2008-4500 - Vulnerability Details - OpenCVE

Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Solarwinds	Serv-u File Server

Configuration 1 [-]

OR	cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:::::::*
	cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:::::::*
	cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:::::::*
	cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:::::::*
	cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:::::::*
	cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:::::::*
	cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:::::::*
	cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:::::::*
	cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:::::::*
	cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:::::::*
	cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:::::::*
	cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/32150
http://securityreason.com/securityalert/4377
http://www.securityfocus.com/bid/31556
http://www.vupen.com/english/advisories/2008/2746
https://exchange.xforce.ibmcloud.com/vulnerabilities/45652
https://www.exploit-db.com/exploits/6660

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-08T23:00:00

Updated: 2024-08-07T10:17:09.766Z

Reserved: 2008-10-08T00:00:00

Link: CVE-2008-4500

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-10-09T00:00:01.180

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-4500

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using \"con:1\"."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "servu-stoucon1-dos(45652)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"}, {"name": "ADV-2008-2746", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2746"}, {"name": "32150", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32150"}, {"name": "6660", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6660"}, {"name": "4377", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4377"}, {"name": "31556", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31556"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4500", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using \"con:1\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "servu-stoucon1-dos(45652)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"}, {"name": "ADV-2008-2746", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2746"}, {"name": "32150", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32150"}, {"name": "6660", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6660"}, {"name": "4377", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4377"}, {"name": "31556", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31556"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:17:09.766Z"}, "title": "CVE Program Container", "references": [{"name": "servu-stoucon1-dos(45652)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"}, {"name": "ADV-2008-2746", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2746"}, {"name": "32150", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32150"}, {"name": "6660", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6660"}, {"name": "4377", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4377"}, {"name": "31556", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31556"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4500", "datePublished": "2008-10-08T23:00:00", "dateReserved": "2008-10-08T00:00:00", "dateUpdated": "2024-08-07T10:17:09.766Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "92DB160E-82FF-4360-970B-9DA8F8C80C7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "97835C15-FDFA-4483-B8F5-062731E912B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "64D43FB7-6D9C-46AE-9831-6C1A8CF8146E", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "CE52F36F-FA2F-476C-9F30-5F74DC0F3D29", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3D000B5-04D7-431C-AA2B-BC8D0475A518", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C74BAC99-DF37-4AE4-AF48-69C6E855CEC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "50FCBA2E-F6EE-4C52-B2DA-5174EF110DF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E40D1816-BD4A-4405-8461-07DA732C5CE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CD3CE83-3E37-464C-A511-CDF7E735E58D", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "243CCCC8-9860-4440-9E80-12668270F330", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BFE008FE-8C8A-4E82-B6EE-93ECBB6A9903", "vulnerable": true}, {"criteria": "cpe:2.3:a:solarwinds:serv-u_file_server:7.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E6D6DD1-D98B-46C1-921C-9B045C234377", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using \"con:1\"."}, {"lang": "es", "value": "Serv-U v7.3, y v7.2.0.1 y anteriores, permite a usuarios autenticados en remoto provocar una denegaci\u00f3n de servicio (consumo de la CPU) a trav\u00e9s de un comando stou manipulado; probablemente est\u00e1 relacionado con los nombres de dispositivo de MS-DOS, como se ha demostrado usando \"con:1\""}], "id": "CVE-2008-4500", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-09T00:00:01.180", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32150"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4377"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31556"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2746"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6660"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4377"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31556"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2746"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45652"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6660"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}