CVE-2008-7078

Name of the Vulnerable Software and Affected Versions Rumpus versions prior to 6.0.1

Description The issue is related to multiple buffer overflows that can be exploited by remote attackers to cause a denial of service, resulting in a segmentation fault, by sending a long HTTP verb in the HTTP component. Additionally, remote authenticated users can execute arbitrary code by providing a long argument to certain commands, including MKD, XMKD, and RMD, in the FTP component.

Recommendations For versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the FTP component and limiting the length of arguments to the MKD, XMKD, and RMD commands until a patch is applied.