cvelistv5 - cve-2008-7078

CVE-2008-7078 (GCVE-0-2008-7078)

Vulnerability from cvelistv5 – Published: 2009-08-25 10:00 – Updated: 2024-08-07 11:56

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://www.exploit-db.com/exploits/7314	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/archive/1/498786/100…	mailing-listx_refsource_BUGTRAQ
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://secunia.com/advisories/32892	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/32558	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/32560	vdb-entryx_refsource_BID
	http://www.maxum.com/Rumpus/News601.html	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:56:14.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "rumpus-ftp-bo(46988)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46988"
          },
          {
            "name": "7314",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/7314"
          },
          {
            "name": "20081201 [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/498786/100/0/threaded"
          },
          {
            "name": "20081201 [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html"
          },
          {
            "name": "32892",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32892"
          },
          {
            "name": "32558",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32558"
          },
          {
            "name": "rumpus-http-dos(46987)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46987"
          },
          {
            "name": "32560",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32560"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.maxum.com/Rumpus/News601.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "rumpus-ftp-bo(46988)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46988"
        },
        {
          "name": "7314",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/7314"
        },
        {
          "name": "20081201 [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/498786/100/0/threaded"
        },
        {
          "name": "20081201 [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html"
        },
        {
          "name": "32892",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32892"
        },
        {
          "name": "32558",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32558"
        },
        {
          "name": "rumpus-http-dos(46987)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46987"
        },
        {
          "name": "32560",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32560"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.maxum.com/Rumpus/News601.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-7078",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "rumpus-ftp-bo(46988)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46988"
            },
            {
              "name": "7314",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/7314"
            },
            {
              "name": "20081201 [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/498786/100/0/threaded"
            },
            {
              "name": "20081201 [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html"
            },
            {
              "name": "32892",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32892"
            },
            {
              "name": "32558",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32558"
            },
            {
              "name": "rumpus-http-dos(46987)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46987"
            },
            {
              "name": "32560",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32560"
            },
            {
              "name": "http://www.maxum.com/Rumpus/News601.html",
              "refsource": "CONFIRM",
              "url": "http://www.maxum.com/Rumpus/News601.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-7078",
    "datePublished": "2009-08-25T10:00:00",
    "dateReserved": "2009-08-24T00:00:00",
    "dateUpdated": "2024-08-07T11:56:14.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:maxum:rumpus:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.0\", \"matchCriteriaId\": \"E3024D27-B634-419B-A951-20AAD007D70D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de b\\u00fafer en Rumpus anteriores a v6.0.1 permite a atacantes remotos (1) producir una denegaci\\u00f3n de servicio (fallo de la segmentaci\\u00f3n) a traves de un verbo HTTP largo en el componente HTTP; y permite a usuarios remotos autenticados ejecutar c\\u00f3digo arbitrario a traves de un argumento largo a los comandos (2) MKD, (3) XMKD, (4) RMD, y otros sin especificar en el componente FTP.\"}]",
      "id": "CVE-2008-7078",
      "lastModified": "2024-11-21T00:58:13.170",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-08-25T10:30:00.627",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/32892\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.maxum.com/Rumpus/News601.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/498786/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/32558\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/32560\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/46987\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/46988\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/7314\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/32892\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.maxum.com/Rumpus/News601.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/498786/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/32558\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/32560\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/46987\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/46988\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/7314\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-7078\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-08-25T10:30:00.627\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer en Rumpus anteriores a v6.0.1 permite a atacantes remotos (1) producir una denegaci\u00f3n de servicio (fallo de la segmentaci\u00f3n) a traves de un verbo HTTP largo en el componente HTTP; y permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a traves de un argumento largo a los comandos (2) MKD, (3) XMKD, (4) RMD, y otros sin especificar en el componente FTP.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:maxum:rumpus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"E3024D27-B634-419B-A951-20AAD007D70D\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32892\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.maxum.com/Rumpus/News601.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/498786/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/32558\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/32560\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46987\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46988\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/7314\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.maxum.com/Rumpus/News601.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/498786/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/32558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/32560\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/7314\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-P7MX-J9J5-HV76

Vulnerability from github – Published: 2022-05-14 02:37 – Updated: 2022-05-14 02:37

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-7078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-08-25T10:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.",
  "id": "GHSA-p7mx-j9j5-hv76",
  "modified": "2022-05-14T02:37:55Z",
  "published": "2022-05-14T02:37:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7078"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46987"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46988"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/7314"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32892"
    },
    {
      "type": "WEB",
      "url": "http://www.maxum.com/Rumpus/News601.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/498786/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32558"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32560"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200908-0054

Vulnerability from variot - Updated: 2023-12-18 13:58

Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component. Maxum Rumpus FTP Server is prone to a remote denial-of-service vulnerability. This issue allows remote attackers to crash affected servers, denying service to legitimate users. Maxum Rumpus is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, possibly with root privileges. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Rumpus 6.0.1 are vulnerable. ----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?

Click here to learn more: http://secunia.com/advisories/business_solutions/

TITLE: Rumpus Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA32892

VERIFY ADVISORY: http://secunia.com/advisories/32892/

CRITICAL: Moderately critical

IMPACT: DoS, System access

WHERE:

From remote

SOFTWARE: Rumpus 6.x http://secunia.com/advisories/product/20643/

DESCRIPTION: Blue Moon Consulting has reported some vulnerabilities in Rumpus, which can be exploited by malicious people to cause a DoS (Denial of Service) and by malicious users to potentially compromise a vulnerable system.

1) An error in the HTTP service when processing overly long HTTP methods can be exploited to cause a crash.

2) A boundary error in the FTP service when processing arguments sent to the e.g. "MKD", "XMKD", "RMD" FTP commands can be exploited to cause a stack-based buffer overflow.

Successful exploitation of this vulnerability may allow execution of arbitrary code, but requires valid FTP credentials.

The vulnerabilities are reported in version 6.0.

SOLUTION: Update to version 6.0.1.

PROVIDED AND/OR DISCOVERED BY: Blue Moon Consulting

ORIGINAL ADVISORY: Blue Moon Consulting (BMSA 2008-09): http://lists.grok.org.uk/pipermail/full-disclosure/2008-December/066086.html

Maxum: http://www.maxum.com/Rumpus/News601.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200908-0054",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rumpus",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "maxum",
        "version": "6.0"
      },
      {
        "model": "rumpus",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "maxum",
        "version": "6.0.1"
      },
      {
        "model": "rumpus ftp server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "maxum",
        "version": "6.0"
      },
      {
        "model": "rumpus ftp server",
        "scope": "ne",
        "trust": 0.6,
        "vendor": "maxum",
        "version": "6.0.1"
      },
      {
        "model": "rumpus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "maxum",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "32560"
      },
      {
        "db": "BID",
        "id": "32558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004354"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-7078"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-397"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:maxum:rumpus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-7078"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Blue Moon Consulting",
    "sources": [
      {
        "db": "BID",
        "id": "32560"
      },
      {
        "db": "BID",
        "id": "32558"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-7078",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2008-7078",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-7078",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200908-397",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004354"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-7078"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-397"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component. Maxum Rumpus FTP Server is prone to a remote denial-of-service vulnerability. \nThis issue allows remote attackers to crash affected servers, denying service to legitimate users. Maxum Rumpus is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. \nAn attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, possibly with root privileges. Failed exploit attempts will result in a denial-of-service condition. \nVersions prior to Rumpus 6.0.1 are vulnerable. ----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nRumpus Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA32892\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/32892/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nRumpus 6.x\nhttp://secunia.com/advisories/product/20643/\n\nDESCRIPTION:\nBlue Moon Consulting has reported some vulnerabilities in Rumpus,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) and by malicious users to potentially compromise a\nvulnerable system. \n\n1) An error in the HTTP service when processing overly long HTTP\nmethods can be exploited to cause a crash. \n\n2) A boundary error in the FTP service when processing arguments sent\nto the e.g. \"MKD\", \"XMKD\", \"RMD\" FTP commands can be exploited to\ncause a stack-based buffer overflow. \n\nSuccessful exploitation of this vulnerability may allow execution of\narbitrary code, but requires valid FTP credentials. \n\nThe vulnerabilities are reported in version 6.0. \n\nSOLUTION:\nUpdate to version 6.0.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nBlue Moon Consulting\n\nORIGINAL ADVISORY:\nBlue Moon Consulting (BMSA 2008-09):\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2008-December/066086.html\n\nMaxum:\nhttp://www.maxum.com/Rumpus/News601.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-7078"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004354"
      },
      {
        "db": "BID",
        "id": "32560"
      },
      {
        "db": "BID",
        "id": "32558"
      },
      {
        "db": "PACKETSTORM",
        "id": "72552"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-7078",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "32560",
        "trust": 1.9
      },
      {
        "db": "BID",
        "id": "32558",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "32892",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "7314",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004354",
        "trust": 0.8
      },
      {
        "db": "FULLDISC",
        "id": "20081201 [BMSA 2008-09] TWO BUFFER OVERFLOW VULNERABILITIES IN RUMPUS V6.0",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "46987",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "46988",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20081201 [BMSA 2008-09] TWO BUFFER OVERFLOW VULNERABILITIES IN RUMPUS V6.0",
        "trust": 0.6
      },
      {
        "db": "MILW0RM",
        "id": "7314",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-397",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "72552",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "32560"
      },
      {
        "db": "BID",
        "id": "32558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004354"
      },
      {
        "db": "PACKETSTORM",
        "id": "72552"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-7078"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-397"
      }
    ]
  },
  "id": "VAR-200908-0054",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5608974
  },
  "last_update_date": "2023-12-18T13:58:04.595000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Rumpus",
        "trust": 0.8,
        "url": "http://www.maxum.com/rumpus/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004354"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004354"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-7078"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.maxum.com/rumpus/news601.html"
      },
      {
        "trust": 1.6,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/32892"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/32558"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/32560"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/498786/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46987"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46988"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/7314"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7078"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-7078"
      },
      {
        "trust": 0.6,
        "url": "http://www.maxum.com/rumpus/"
      },
      {
        "trust": 0.6,
        "url": "/archive/1/498786"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/46988"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/46987"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/498786/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/7314"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/32892/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/20643/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-december/066086.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "32560"
      },
      {
        "db": "BID",
        "id": "32558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004354"
      },
      {
        "db": "PACKETSTORM",
        "id": "72552"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-7078"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-397"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "32560"
      },
      {
        "db": "BID",
        "id": "32558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004354"
      },
      {
        "db": "PACKETSTORM",
        "id": "72552"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-7078"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-397"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-12-01T00:00:00",
        "db": "BID",
        "id": "32560"
      },
      {
        "date": "2008-12-01T00:00:00",
        "db": "BID",
        "id": "32558"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004354"
      },
      {
        "date": "2008-12-02T17:24:32",
        "db": "PACKETSTORM",
        "id": "72552"
      },
      {
        "date": "2009-08-25T10:30:00.627000",
        "db": "NVD",
        "id": "CVE-2008-7078"
      },
      {
        "date": "2008-12-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200908-397"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-12-01T23:53:00",
        "db": "BID",
        "id": "32560"
      },
      {
        "date": "2008-12-01T23:53:00",
        "db": "BID",
        "id": "32558"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004354"
      },
      {
        "date": "2018-10-11T20:58:13.503000",
        "db": "NVD",
        "id": "CVE-2008-7078"
      },
      {
        "date": "2009-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200908-397"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "32560"
      },
      {
        "db": "BID",
        "id": "32558"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rumpus Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004354"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "32560"
      },
      {
        "db": "BID",
        "id": "32558"
      }
    ],
    "trust": 0.6
  }
}

GSD-2008-7078

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-7078

Aliases

CVE-2008-7078

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-7078",
    "description": "Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.",
    "id": "GSD-2008-7078"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-7078"
      ],
      "details": "Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.",
      "id": "GSD-2008-7078",
      "modified": "2023-12-13T01:23:01.552906Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-7078",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "rumpus-ftp-bo(46988)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46988"
          },
          {
            "name": "7314",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/7314"
          },
          {
            "name": "20081201 [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/498786/100/0/threaded"
          },
          {
            "name": "20081201 [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html"
          },
          {
            "name": "32892",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32892"
          },
          {
            "name": "32558",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/32558"
          },
          {
            "name": "rumpus-http-dos(46987)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46987"
          },
          {
            "name": "32560",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/32560"
          },
          {
            "name": "http://www.maxum.com/Rumpus/News601.html",
            "refsource": "CONFIRM",
            "url": "http://www.maxum.com/Rumpus/News601.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:maxum:rumpus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-7078"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20081201 [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html"
            },
            {
              "name": "http://www.maxum.com/Rumpus/News601.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.maxum.com/Rumpus/News601.html"
            },
            {
              "name": "32558",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/32558"
            },
            {
              "name": "32560",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/32560"
            },
            {
              "name": "32892",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32892"
            },
            {
              "name": "rumpus-ftp-bo(46988)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46988"
            },
            {
              "name": "rumpus-http-dos(46987)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46987"
            },
            {
              "name": "7314",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/7314"
            },
            {
              "name": "20081201 [BMSA 2008-09] Two buffer overflow vulnerabilities in Rumpus v6.0",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/498786/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:58Z",
      "publishedDate": "2009-08-25T10:30Z"
    }
  }
}

FKIE_CVE-2008-7078

Vulnerability from fkie_nvd - Published: 2009-08-25 10:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html
cve@mitre.org	http://secunia.com/advisories/32892	Vendor Advisory
cve@mitre.org	http://www.maxum.com/Rumpus/News601.html
cve@mitre.org	http://www.securityfocus.com/archive/1/498786/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/32558	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/32560	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/46987
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/46988
cve@mitre.org	https://www.exploit-db.com/exploits/7314
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32892	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.maxum.com/Rumpus/News601.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/498786/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32558	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32560	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/46987
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/46988
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/7314

Impacted products

	Vendor	Product	Version
	maxum	rumpus	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:maxum:rumpus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3024D27-B634-419B-A951-20AAD007D70D",
              "versionEndIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en Rumpus anteriores a v6.0.1 permite a atacantes remotos (1) producir una denegaci\u00f3n de servicio (fallo de la segmentaci\u00f3n) a traves de un verbo HTTP largo en el componente HTTP; y permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a traves de un argumento largo a los comandos (2) MKD, (3) XMKD, (4) RMD, y otros sin especificar en el componente FTP."
    }
  ],
  "id": "CVE-2008-7078",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-08-25T10:30:00.627",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32892"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.maxum.com/Rumpus/News601.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/498786/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/32558"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/32560"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46987"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46988"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/7314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.maxum.com/Rumpus/News601.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/498786/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/32558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/32560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/7314"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-7078 (GCVE-0-2008-7078)

GHSA-P7MX-J9J5-HV76

VAR-200908-0054

GSD-2008-7078

FKIE_CVE-2008-7078

Tags

Sightings

Nomenclature