Rumpus 4.1, released today, includes dozens of updates and several major new capabilities, including: Web File Manager Extensions The WFM has been heavily revised in both appearance and functionality. Rumpus is perfect for print, media or design shops, and is the answer to education and corporate file sharing needs.
RUMPUS FTP UPDATE
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. Rumpus FTP, the premier Internet file transfer server for Macintosh, has been significantly improved in the latest update from Maxum Development. If you need to allow people from within your office or across the Internet to send, receive, and manage files on a central Mac, Rumpus FTP is what you are looking for. Built-in, easy-to-administer user accounts, integrated file transfer to the Internet, file download notifications, extensive security settings, amazing performance, and more. The overflow in HTTP component is caused by the lack of boundary check when parsing for HTTP action verb (GET, POST, PUT, etc.).
RUMPUS FTP CODE
The later may result in arbitrary code execution under superuser privilege. The first allows an unauthenticated user to crash Rumpus.
RUMPUS FTP FOR MAC OS
Necessarily indicate when this vulnerability wasĭiscovered, shared with the affected vendor, publicly Rumpus is an easy-to-use, high-performance FTP, WebDAV server for Mac OS X. Rumpus v6.0 contains two buffer overflow vulnerabilities in its HTTP and FTP modules. The CVE ID was allocated or reserved, and does not FULLDISC:20081201 Two buffer overflow vulnerabilities in Rumpus v6.0ĭisclaimer: The record creation date may reflect when.Normally the server responds with a mark using code 150. The directory is identified by the current name prefix. BUGTRAQ:20081201 Two buffer overflow vulnerabilities in Rumpus v6.0 A LIST or NLST request asks the server to send the contents of a directory over the data connection already established by the client.Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. Rumpus has been optimized to be as broadly compatible as possible with all FTP clients, including Web browsers, but there is a limit to what can be done from the server-side to compensate for poor FTP client implementations. From the Setup Assistant that fully prepares the server to accept users to the logically designed server management windows, Rumpus makes running an FTP server easy. Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component. Rumpus is, quite simply, the easiest FTP server on the planet to set up and administer.