If anyone remembers I posted a DoS Vulnerability description to BugTraq, and Rumpus Developers quickly repaired, it, but they missed a thing. When executing command mkdir A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A Rumpus quits, its not a system freeze, but FTP service will be denied. This is a stack overflow caused by recurising through the folder creation routine that happens when many layers of sub-folders are created at once. The Guys behind Rumpus(Maxum) is a really good team of developers... I mentioned the vulnerability and in hours there was a new, fixed version. So vulnerable versions are: 1.3.5 and earlier, 2.0dev3. Not vulnerable: 1.3.6(I guess it should be downloadable already) and later... Jass Seljamaa, jassat_private 05212242 ------------------------------------------------- This mail sent through IMP: email.isp.ee
This archive was generated by hypermail 2b30 : Wed Jun 13 2001 - 14:46:44 PDT