COMMAND

    Rumpus

SYSTEMS AFFECTED

    Rumpus FTP Server 1.3.5 and earlier, 2.0dev3

PROBLEM

    Jass  Seljamaa  found  following.   When  executing  command mkdir
    A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A:A  Rumpus  quits,  its not a
    system freeze, but FTP  service will be denied.   This is a  stack
    overflow caused by recurising through the folder creation  routine
    that happens when many layers of sub-folders are created at once.

SOLUTION

    The Guys behind Rumpus(Maxum) is a really good team of developers.
    Jass mentioned  the vulnerability  and in  hours there  was a new,
    fixed version.   So vulnerable  versions are:  1.3.5 and  earlier,
    2.0dev3.  Not vulnerable:  1.3.6 (should be downloadable  already)
    and later...