Vulnerability Report

CVE-2009-4006

RCE

Title: Solarwinds Serv-U File Server RCE

RCE

Proof Of Concept

PoC Available for CVE-2009-4006

CWE Category CWE-119
Published Date Nov 20, 2009
Modified Date Apr 09, 2025
Exploit Status Available
Score 10.0 CVSS v2.0
Exploit Probability (EPSS)
77.87%

Vulnerability Summary

CVE-2009-4006: Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.

Impacted Vendors

S
solarwinds 1

Reference Links

http://secunia.com/advisories/37228 http://secunia.com/secunia_research/2009-46/ http://www.osvdb.org/60427 http://www.securityfocus.com/archive/1/507955/100/0/threaded http://www.securityfocus.com/bid/37051 http://www.securitytracker.com/id?1023199 http://www.serv-u.com/releasenotes/ http://www.vupen.com/english/advisories/2009/3277 https://exchange.xforce.ibmcloud.com/vulnerabilities/54322 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142 http://secunia.com/advisories/37228 http://secunia.com/secunia_research/2009-46/ http://www.osvdb.org/60427 http://www.securityfocus.com/archive/1/507955/100/0/threaded http://www.securityfocus.com/bid/37051 http://www.securitytracker.com/id?1023199 http://www.serv-u.com/releasenotes/ http://www.vupen.com/english/advisories/2009/3277 https://exchange.xforce.ibmcloud.com/vulnerabilities/54322 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6142
CVSS v2.0
Source Entity [email protected]
Severity HIGH
10.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2009-4006 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/16775
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.