Sign-up

ID

VAR-200701-0086


CVE

CVE-2007-0366


TITLE

Rumpus Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2007-003247

DESCRIPTION

Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program. Rumpus Ftp Server is prone to a local security vulnerability. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Rumpus Multiple Vulnerabilities SECUNIA ADVISORY ID: SA23842 VERIFY ADVISORY: http://secunia.com/advisories/23842/ CRITICAL: Moderately critical IMPACT: Privilege escalation, DoS, System access WHERE: >From remote SOFTWARE: Rumpus 5.x http://secunia.com/product/11982/ DESCRIPTION: LMH and KF have reported some vulnerabilities in Rumpus, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious users to compromise a vulnerable system. 1) The application invokes "ipfw" without an absolute path and has the setuid bit set. This can be exploited to gain "root" privileges by placing a specially crafted "ipfw" binary in the path. 2) Boundary errors within the FTP service can be exploited to cause heap-based buffer overflows and can potentially be exploited to execute arbitrary code via specially crafted packets. Successful exploitation requires a valid user account. The vulnerabilities are reported in version 5.1. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: LMH and KF ORIGINAL ADVISORY: http://projects.info-pull.com/moab/MOAB-18-01-2007.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2007-0366 // JVNDB: JVNDB-2007-003247 // BID: 86749 // PACKETSTORM: 53760

AFFECTED PRODUCTS

vendor:maxummodel:rumpus ftp serverscope:lteversion:5.1

Trust: 1.8

vendor:maxummodel:rumpus ftp serverscope:eqversion:5.1

Trust: 0.9

sources: BID: 86749 // JVNDB: JVNDB-2007-003247 // CNNVD: CNNVD-200701-330 // NVD: CVE-2007-0366

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0366
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-0366
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200701-330
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2007-0366
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2007-003247 // CNNVD: CNNVD-200701-330 // NVD: CVE-2007-0366

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0366

THREAT TYPE

local

Trust: 1.0

sources: BID: 86749 // PACKETSTORM: 53760 // CNNVD: CNNVD-200701-330

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200701-330

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-003247

PATCH
title:Top Pageurl:http://www.maxum.com/Rumpus/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-003247

EXTERNAL IDS
db:NVDid:CVE-2007-0366
Trust: 2.7
db:SECUNIAid:23842
Trust: 1.7
db:OSVDBid:32690
Trust: 1.6
db:XFid:31597
Trust: 0.9
db:JVNDBid:JVNDB-2007-003247
Trust: 0.8
db:CNNVDid:CNNVD-200701-330
Trust: 0.6
db:BIDid:86749
Trust: 0.3
db:PACKETSTORMid:53760
Trust: 0.1
sources:
            
            
            BID: 86749 // 
            
            
            
            JVNDB: JVNDB-2007-003247 // 
            
            
            
            PACKETSTORM: 53760 // 
            
            
            
            CNNVD: CNNVD-200701-330 // 
            
            
            
            NVD: CVE-2007-0366

REFERENCES
url:http://projects.info-pull.com/moab/moab-18-01-2007.html
Trust: 2.0
url:http://osvdb.org/32690
Trust: 1.6
url:http://secunia.com/advisories/23842
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/31597
Trust: 1.0
url:http://xforce.iss.net/xforce/xfdb/31597
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0366
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0366
Trust: 0.8
url:http://secunia.com/product/11982/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/23842/
Trust: 0.1
url:http://secunia.com/software_inspector/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            BID: 86749 // 
            
            
            
            JVNDB: JVNDB-2007-003247 // 
            
            
            
            PACKETSTORM: 53760 // 
            
            
            
            CNNVD: CNNVD-200701-330 // 
            
            
            
            NVD: CVE-2007-0366

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 86749

SOURCES
db:BIDid:86749
db:JVNDBid:JVNDB-2007-003247
db:PACKETSTORMid:53760
db:CNNVDid:CNNVD-200701-330
db:NVDid:CVE-2007-0366

LAST UPDATE DATE
2025-04-10T23:03:47.445000+00:00

SOURCES UPDATE DATE
db:BIDid:86749date:2007-01-19T00:00:00
db:JVNDBid:JVNDB-2007-003247date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200701-330date:2007-01-21T00:00:00
db:NVDid:CVE-2007-0366date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:BIDid:86749date:2007-01-19T00:00:00
db:JVNDBid:JVNDB-2007-003247date:2012-09-25T00:00:00
db:PACKETSTORMid:53760date:2007-01-20T00:09:28
db:CNNVDid:CNNVD-200701-330date:2007-01-19T00:00:00
db:NVDid:CVE-2007-0366date:2007-01-19T21:28:00