Details of VAR-200701-0514

ID

VAR-200701-0514

CVE

CVE-2007-0019

TITLE

Rumpus of rumpusd Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-003166

DESCRIPTION

Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service. Rumpus is prone to multiple vulnerabilities, including multiple remote heap-overflow issues, denial-of-service issues, and local privilege-escalation issues. The remote issues affect the FTP and HTTP components of the server. Since Rumpus runs with superuser privileges, a successful attack may facilitate the complete compromise of affected computers. Rumpus 5.1 and prior versions are vulnerable to these issues. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Rumpus Multiple Vulnerabilities SECUNIA ADVISORY ID: SA23842 VERIFY ADVISORY: http://secunia.com/advisories/23842/ CRITICAL: Moderately critical IMPACT: Privilege escalation, DoS, System access WHERE: >From remote SOFTWARE: Rumpus 5.x http://secunia.com/product/11982/ DESCRIPTION: LMH and KF have reported some vulnerabilities in Rumpus, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious users to compromise a vulnerable system. 1) The application invokes "ipfw" without an absolute path and has the setuid bit set. This can be exploited to gain "root" privileges by placing a specially crafted "ipfw" binary in the path. Successful exploitation requires a valid user account. The vulnerabilities are reported in version 5.1. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: LMH and KF ORIGINAL ADVISORY: http://projects.info-pull.com/moab/MOAB-18-01-2007.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2007-0019 // JVNDB: JVNDB-2007-003166 // BID: 22126 // PACKETSTORM: 53760

AFFECTED PRODUCTS

vendor:	maxum	model:	rumpus ftp server	scope:	lte	version:	5.1	Trust: 1.8
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	5.1	Trust: 0.9
vendor:	maxum	model:	rumpus ftp server dev	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	1.3.6	Trust: 0.3
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	1.3.5	Trust: 0.3
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	1.3.4	Trust: 0.3
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	1.3.2	Trust: 0.3
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	5.0	Trust: 0.3
vendor:	maxum	model:	rumpus ftp server	scope:	ne	version:	5.1.1	Trust: 0.3

sources: BID: 22126 // JVNDB: JVNDB-2007-003166 // NVD: CVE-2007-0019 // CNNVD: CNNVD-200701-342

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2007-0019
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-200701-342
value:	MEDIUM
Trust: 0.6

NVD:
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	TRUE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-0019
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

sources: JVNDB: JVNDB-2007-003166 // NVD: CVE-2007-0019 // CNNVD: CNNVD-200701-342

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0019

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-342

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200701-342

CONFIGURATIONS

sources: NVD: CVE-2007-0019

PATCH

title:

Top Page

url:

http://www.maxum.com/rumpus/

Trust: 0.8

sources: JVNDB: JVNDB-2007-003166

EXTERNAL IDS

db:	NVD	id:	CVE-2007-0019	Trust: 2.7
db:	SECUNIA	id:	23842	Trust: 1.7
db:	OSVDB	id:	32689	Trust: 1.6
db:	OSVDB	id:	32692	Trust: 1.6
db:	JVNDB	id:	JVNDB-2007-003166	Trust: 0.8
db:	XF	id:	31594	Trust: 0.6
db:	CNNVD	id:	CNNVD-200701-342	Trust: 0.6
db:	BID	id:	22126	Trust: 0.3
db:	PACKETSTORM	id:	53760	Trust: 0.1

sources: BID: 22126 // JVNDB: JVNDB-2007-003166 // PACKETSTORM: 53760 // NVD: CVE-2007-0019 // CNNVD: CNNVD-200701-342

REFERENCES

url:	http://projects.info-pull.com/moab/moab-18-01-2007.html	Trust: 2.0
url:	http://osvdb.org/32689	Trust: 1.6
url:	http://osvdb.org/32692	Trust: 1.6
url:	http://secunia.com/advisories/23842	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/31594	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0019	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0019	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/31594	Trust: 0.6
url:	http://www.maxum.com/rumpus/	Trust: 0.3
url:	http://secunia.com/product/11982/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/23842/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: BID: 22126 // JVNDB: JVNDB-2007-003166 // PACKETSTORM: 53760 // NVD: CVE-2007-0019 // CNNVD: CNNVD-200701-342

CREDITS

These vulnerabilities were discovered by LMH <lmh [at] info-pull.com> and Kevin Finisterre.

Trust: 0.9

sources: BID: 22126 // CNNVD: CNNVD-200701-342

SOURCES

db:	BID	id:	22126
db:	JVNDB	id:	JVNDB-2007-003166
db:	PACKETSTORM	id:	53760
db:	NVD	id:	CVE-2007-0019
db:	CNNVD	id:	CNNVD-200701-342

LAST UPDATE DATE

2023-12-18T13:45:14.173000+00:00

SOURCES UPDATE DATE

db:	BID	id:	22126	date:	2007-09-13T03:01:00
db:	JVNDB	id:	JVNDB-2007-003166	date:	2012-09-25T00:00:00
db:	NVD	id:	CVE-2007-0019	date:	2017-07-29T01:29:54.437
db:	CNNVD	id:	CNNVD-200701-342	date:	2007-01-21T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	22126	date:	2007-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2007-003166	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	53760	date:	2007-01-20T00:09:28
db:	NVD	id:	CVE-2007-0019	date:	2007-01-19T21:28:00
db:	CNNVD	id:	CNNVD-200701-342	date:	2007-01-19T00:00:00