Rumpus FTP Server Denial of Service

vendor:

Mac OS X

by:

SecurityFocus

4.3

CVSS

MEDIUM

Denial of Service

400

CWE

Product Name: Mac OS X

Affected Version From: All versions

Affected Version To: All versions

Patch Exists: No

Related CWE: N/A

CPE: o:apple:mac_os_x

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Mac OS X

2001

Rumpus FTP Server Denial of Service

Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections. An ftp user can engage the attack by making a directory with an unusual number of sub-folders, forcing the software to quit, as it is unable to handle the creation of so many directories at one time. The FTP server must be rebooted to regain normal functionality. It is required that a user be logged in to carry out this attack, and executing command 'mkdir A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A' will make Rumpus quit.

Mitigation:

Restrict access to the FTP server to trusted users and limit the number of sub-folders that can be created.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2864/info

Rumpus FTP Server is an implementation for MacOS which allows file-sharing across TCP/IP connections.

Rumpus FTP is prone to a denial of service. An ftp user can engage the attack by making a directory with an unusual number of sub-folders. This forces the software to quit, as it is unable to handle the creation of so many directories at one time. The FTP server must be rebooted to regain normal functionality.

It is required that a user be logged in to carry out this attack. It may be possible for remote users to exploit this vulnerability, but authentication is required and anonymous ftp access does not grant users the privileges neccesary to create directories. 

Executing command 'mkdir A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A' will make Rumpus quit.