Info

Disclosure

Jan 24, 2004

Discovery

Unknown

Dates

Exploit

Jan 27, 2004

Solution

Jan 24, 2004

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

Upgrade to version 5.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

Security Tracker: 1008841
Secunia Advisory ID: 10706
Milw0rm: 149 822
Exploit Database: 149 822
ISS X-Force ID: 14931
CVE ID: 2004-2111 (see also: NVD)
Metasploit ID: 3713
Bugtraq ID: 9483 9675
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html
http://marc.theaimsgroup.com/?l=bugtraq&m=107513654005840&w=2
Other Advisory URL: http://www.0x557.org/release/servu.txt [ Link is 404 ]
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/serv_u_site_chmod

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/3713