ID CVE-2007-1485 Type cve Reporter cve@mitre.org Modified 2018-10-16T16:38:00
Description
DISPUTED Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it is unlikely that there are web interfaces to QFTP that would accept untrusted command line arguments.
{"id": "CVE-2007-1485", "bulletinFamily": "NVD", "title": "CVE-2007-1485", "description": "** DISPUTED ** Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument. NOTE: CVE disputes this issue because QFTP is not setuid, and it is unlikely that there are web interfaces to QFTP that would accept untrusted command line arguments.", "published": "2007-03-16T21:19:00", "modified": "2018-10-16T16:38:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1485", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/archive/1/462952/100/0/threaded", "http://www.securityfocus.com/bid/22986", "http://osvdb.org/35089", "http://securityreason.com/securityalert/2443"], "cvelist": ["CVE-2007-1485"], "type": "cve", "lastseen": "2019-05-29T18:08:59", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "29dceb30a6a2ae22d211f315ab3b7dc9"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "cc8c07f07e589072eabf96b9a6db1090"}, {"key": "cpe23", "hash": "d54e69c6fa71460a19d717a502d500f6"}, {"key": "cvelist", "hash": "c7cc1be4929a04897b0a22cc13afaf67"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "11e56c2d8f36b1920223217250e3f2a6"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "969423e250bf998d6b67358c0f5fd78a"}, {"key": "href", "hash": "d2482686a354cc453681675601b4c4e8"}, {"key": "modified", "hash": "be8c6cba32d3ed9bd262b9f8d55a0549"}, {"key": "published", "hash": "ed43eaf31f28fbaab369730a7ab3fa6d"}, {"key": "references", "hash": "855d89e874d0067ec48ec47e0578c64a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "207225fa174ec915f09d60c1f3702381"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "c1d4cc0dab62936cfff8cf76cb4e2dae81852e889dd1440787fe667394409f49", "viewCount": 0, "enchantments": {"score": {"value": 8.9, "vector": "NONE", "modified": "2019-05-29T18:08:59"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:35089"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7417"]}], "modified": "2019-05-29T18:08:59"}, "vulnersScore": 8.9}, "objectVersion": "1.3", "cpe": ["cpe:/a:ftplib:ftplib:3.1-1"], "affectedSoftware": [{"name": "ftplib ftplib", "operator": "eq", "version": "3.1-1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:ftplib:ftplib:3.1-1:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:31", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0196.html\n[CVE-2007-1485](https://vulners.com/cve/CVE-2007-1485)\nBugtraq ID: 22986\n", "modified": "2007-03-15T00:03:54", "published": "2007-03-15T00:03:54", "href": "https://vulners.com/osvdb/OSVDB:35089", "id": "OSVDB:35089", "title": "LIBFtp QFTP set_umask Function -m Argument Local Overflow", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "Multiple buffer overflows of different types.", "modified": "2007-03-17T00:00:00", "published": "2007-03-17T00:00:00", "id": "SECURITYVULNS:VULN:7417", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7417", "title": "Multiple libft p / GFTP security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
