CVE-2007-0019
published 2007-01-19CVE-2007-0019: Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST…
PriorityP335medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EXPLOIT
EPSS
3.78%
88.6th percentile
Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| maxum_development_corporation | rumpus_ftp_server | <= 5.1 | — |
CVSS provenance
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x7jw-gfrw-mc9q: Multiple heap-based buffer overflows in rumpusd in Rumpus 5
ghsa_unreviewed·2022-05-01
CVE-2007-0019 [MEDIUM] GHSA-x7jw-gfrw-mc9q: Multiple heap-based buffer overflows in rumpusd in Rumpus 5
Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.
Red Hat
kernel: ipv6_hop_jumbo remote system crash
vendor_redhat·2007-09-07·CVSS 7.8
CVE-2007-4567 [HIGH] CWE-228 kernel: ipv6_hop_jumbo remote system crash
kernel: ipv6_hop_jumbo remote system crash
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit a11d206d that introduced the problem.
This upstream commit was backported in Red Hat Enterprise Linux 5 via RHBA-2008:0314. It was reported and addressed in Red Hat Enterprise Linux 5 via RHSA-2010:0019.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/32689http://osvdb.org/32692http://projects.info-pull.com/moab/MOAB-18-01-2007.htmlhttp://secunia.com/advisories/23842https://exchange.xforce.ibmcloud.com/vulnerabilities/31594http://osvdb.org/32689http://osvdb.org/32692http://projects.info-pull.com/moab/MOAB-18-01-2007.htmlhttp://secunia.com/advisories/23842https://exchange.xforce.ibmcloud.com/vulnerabilities/31594
2007-01-19
Published