Details of VAR-200109-0056

ID

VAR-200109-0056

CVE

CVE-2001-0644

TITLE

Maxum Rumpus FTP Server elevation privilege vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200109-116

DESCRIPTION

Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server. Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections. Passwords are stored in plaintext format in the prefs folder

Trust: 1.17

sources: NVD: CVE-2001-0644 // BID: 2718

AFFECTED PRODUCTS

vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	1.3.4	Trust: 1.9
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	1.3.2	Trust: 1.9
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	1.3.3	Trust: 1.6
vendor:	maxum	model:	rumpus ftp server	scope:	lte	version:	2.0.3_dev_3	Trust: 1.0
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	2.0.3_dev_3	Trust: 0.6
vendor:	maxum	model:	rumpus ftp server dev	scope:	eq	version:	2.0.3	Trust: 0.3

sources: BID: 2718 // CNNVD: CNNVD-200109-116 // NVD: CVE-2001-0644

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0644
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200109-116
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2001-0644
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200109-116 // NVD: CVE-2001-0644

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0644

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200109-116

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200109-116

EXTERNAL IDS

db:	BID	id:	2718	Trust: 1.9
db:	NVD	id:	CVE-2001-0644	Trust: 1.6
db:	XF	id:	6543	Trust: 0.6
db:	BUGTRAQ	id:	20010515 RUMPUS FTP DOS	Trust: 0.6
db:	CNNVD	id:	CNNVD-200109-116	Trust: 0.6

sources: BID: 2718 // CNNVD: CNNVD-200109-116 // NVD: CVE-2001-0644

REFERENCES

url:	http://www.securityfocus.com/archive/1/184751	Trust: 1.6
url:	http://www.securityfocus.com/bid/2718	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6543	Trust: 1.0
url:	http://xforce.iss.net/static/6543.php	Trust: 0.6
url:	http://www.maxum.com/rumpus/	Trust: 0.3

sources: BID: 2718 // CNNVD: CNNVD-200109-116 // NVD: CVE-2001-0644

CREDITS

Jass Seljamaa <jass@email.isp.ee> posted this vulnerability to BugTraq on May 15th, 2001.

Trust: 0.3

sources: BID: 2718

SOURCES

db:	BID	id:	2718
db:	CNNVD	id:	CNNVD-200109-116
db:	NVD	id:	CVE-2001-0644

LAST UPDATE DATE

2025-04-03T22:33:19.014000+00:00

SOURCES UPDATE DATE

db:	BID	id:	2718	date:	2001-05-15T00:00:00
db:	CNNVD	id:	CNNVD-200109-116	date:	2006-09-05T00:00:00
db:	NVD	id:	CVE-2001-0644	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	BID	id:	2718	date:	2001-05-15T00:00:00
db:	CNNVD	id:	CNNVD-200109-116	date:	2001-09-20T00:00:00
db:	NVD	id:	CVE-2001-0644	date:	2001-09-20T04:00:00