Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1".
Software | From | Fixed in |
---|---|---|
solarwinds / serv-u_file_server | 7.0.0.1 | 7.0.0.1.x |
solarwinds / serv-u_file_server | 7.0.0.2 | 7.0.0.2.x |
solarwinds / serv-u_file_server | 7.0.0.3 | 7.0.0.3.x |
solarwinds / serv-u_file_server | 7.0.0.4 | 7.0.0.4.x |
solarwinds / serv-u_file_server | 7.1.0.0 | 7.1.0.0.x |
solarwinds / serv-u_file_server | 7.1.0.1 | 7.1.0.1.x |
solarwinds / serv-u_file_server | 7.1.0.2 | 7.1.0.2.x |
solarwinds / serv-u_file_server | 7.2.0.0 | 7.2.0.0.x |
solarwinds / serv-u_file_server | 7.2.0.1 | 7.2.0.1.x |
solarwinds / serv-u_file_server | 7.3.0.0 | 7.3.0.0.x |
solarwinds / serv-u_file_server | 7.3.0.1 | 7.3.0.1.x |
solarwinds / serv-u_file_server | 7.3.0.2 | 7.3.0.2.x |