Rumpus FTP DoS vol. 2

From: Jass Seljamaa (jassat_private)
Date: Tue Jun 12 2001 - 12:08:47 PDT

    If anyone remembers, I posted a DoS vulnerability description to BugTraq, and 
    the Rumpus developers quickly repaired it, but they missed a thing. When executing 
    the command mkdir A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A Rumpus quits; it's not a 
    system freeze, but FTP service will be denied. This is a stack overflow caused 
    by recursing through the folder creation routine that happens when many layers 
    of sub-folders are created at once. The guys behind Rumpus (Maxum) are a really 
    good team of developers... I mentioned the vulnerability and in hours there was 
    a new, fixed version. So vulnerable versions are: 1.3.5 and earlier, 2.0dev3. 
    Not vulnerable: 1.3.6 (I guess it should be downloadable already) and later...
    
    
    Jass Seljamaa,
    jassat_private
    05212242  
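
Added example, not part of the original post and not Rumpus code: one way a server can create multi-layer folders without recursion, by validating the whole argument first and then creating each layer in a loop. MAX_DEPTH, MAX_PATH_LEN, make_nested and record_mkdir are assumed names and limits, and rejecting empty components is an assumed policy.

```c
#include <stdio.h>
#include <string.h>
#define MAX_DEPTH 8        /* assumed policy limit, not a Rumpus setting */
#define MAX_PATH_LEN 255   /* assumed bound on the whole argument */
typedef int (*mkdir_fn)(const char *prefix);   /* returns 0 on success */

/* Validate first, then create each prefix in a loop: stack use stays
 * constant no matter how many ':'-separated layers the client sends. */
int make_nested(const char *arg, mkdir_fn create)
{
    char buf[MAX_PATH_LEN + 1];
    size_t len = strlen(arg), i, depth = 1;

    if (len == 0 || len > MAX_PATH_LEN)
        return -1;                      /* empty or oversized argument */
    for (i = 0; i < len; i++) {
        if (arg[i] != ':')
            continue;
        if (i == 0 || i == len - 1 || arg[i + 1] == ':')
            return -1;                  /* leading, trailing or doubled ':' */
        if (++depth > MAX_DEPTH)
            return -2;                  /* too many layers: refuse */
    }
    /* Nothing was created during validation, so a refusal leaves no partial tree. */
    for (i = 0; i <= len; i++) {
        if (arg[i] == ':' || arg[i] == '\0') {
            buf[i] = '\0';              /* cut the copy at this layer */
            if (create(buf) != 0)
                return -3;
        }
        buf[i] = arg[i];
    }
    return (int)depth;                  /* number of layers created */
}

/* Stand-in for the real directory call: prints and counts each request. */
static int created;
static int record_mkdir(const char *prefix)
{
    printf("mkdir %s\n", prefix);
    created++;
    return 0;
}

int main(void)
{
    printf("%d\n", make_nested("A:B:C", record_mkdir));
    return 0;
}
```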
    
    
    



    This archive was generated by hypermail 2b30 : Wed Jun 13 2001 - 14:46:44 PDT