Details of VAR-200109-0069

ID

VAR-200109-0069

CVE

CVE-2001-0706

TITLE

Maximum Rumpus FTP Server Service denial vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200109-060

DESCRIPTION

Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders. Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections. Rumpus FTP is prone to a denial of service. An ftp user can engage the attack by making a directory with an unusual number of sub-folders. This forces the software to quit, as it is unable to handle the creation of so many directories at one time. The FTP server must be rebooted to regain normal functionality. It is required that a user be logged in to carry out this attack. It may be possible for remote users to exploit this vulnerability, but authentication is required and anonymous ftp access does not grant users the privileges neccesary to create directories

Trust: 1.17

sources: NVD: CVE-2001-0706 // BID: 2864

AFFECTED PRODUCTS

vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	1.3.5	Trust: 1.9
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	1.3.4	Trust: 1.9
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	1.3.2	Trust: 1.9
vendor:	maxum	model:	rumpus ftp server	scope:	eq	version:	2.0.3dev	Trust: 1.6
vendor:	maxum	model:	rumpus ftp server dev	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	maxum	model:	rumpus ftp server	scope:	ne	version:	1.3.6	Trust: 0.3

sources: BID: 2864 // CNNVD: CNNVD-200109-060 // NVD: CVE-2001-0706

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0706
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200109-060
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2001-0706
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200109-060 // NVD: CVE-2001-0706

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0706

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200109-060

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200109-060

EXTERNAL IDS

db:	BID	id:	2864	Trust: 1.9
db:	NVD	id:	CVE-2001-0706	Trust: 1.6
db:	BUGTRAQ	id:	20010612 RUMPUS FTP DOS VOL. 2	Trust: 0.6
db:	XF	id:	6699	Trust: 0.6
db:	CNNVD	id:	CNNVD-200109-060	Trust: 0.6

sources: BID: 2864 // CNNVD: CNNVD-200109-060 // NVD: CVE-2001-0706

REFERENCES

url:	http://www.securityfocus.com/bid/2864	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/190932	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6699	Trust: 1.0
url:	http://xforce.iss.net/static/6699.php	Trust: 0.6
url:	http://www.maxum.com/rumpus/	Trust: 0.3

sources: BID: 2864 // CNNVD: CNNVD-200109-060 // NVD: CVE-2001-0706

CREDITS

Jass Seljamaa <jass@email.isp.ee> published this vulnerability on June 12th, 2001.

Trust: 0.3

sources: BID: 2864

SOURCES

db:	BID	id:	2864
db:	CNNVD	id:	CNNVD-200109-060
db:	NVD	id:	CVE-2001-0706

LAST UPDATE DATE

2024-08-14T13:40:44.571000+00:00

SOURCES UPDATE DATE

db:	BID	id:	2864	date:	2001-06-12T00:00:00
db:	CNNVD	id:	CNNVD-200109-060	date:	2006-09-05T00:00:00
db:	NVD	id:	CVE-2001-0706	date:	2017-10-10T01:29:50.843

SOURCES RELEASE DATE

db:	BID	id:	2864	date:	2001-06-12T00:00:00
db:	CNNVD	id:	CNNVD-200109-060	date:	2001-09-20T00:00:00
db:	NVD	id:	CVE-2001-0706	date:	2001-09-20T04:00:00