ID
VAR-201004-0508
TITLE
Rumba FTP Client File Name Remote Stack Buffer Overflow Vulnerability
Trust: 0.9
DESCRIPTION
Rumba FTP is a graphical FTP client that supports encrypted file transfer. The Rumba FTP client has a boundary error when handling long file names in a returned directory listing. An attacker who sets up a malicious FTP server and convinces a user to connect to it can trigger a stack-based buffer overflow. Successful exploitation can execute arbitrary instructions with the privileges of the application. Rumba FTP Client is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on server-supplied data. Failed exploit attempts will result in a denial-of-service condition. The vulnerability is caused by a boundary error when processing overly long file names returned in directory listings. The vulnerability is reported in version 4.2. Other versions may also be affected. SOLUTION: Do not connect to untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: zombiefx
Trust: 0.9
IOT TAXONOMY
category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
vendor: | netmanage | model: | rumba ftp | scope: | eq | version: | 4.2 | Trust: 0.9 |
THREAT TYPE
network
Trust: 0.3
TYPE
Boundary Condition Error
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 39683 | Trust: 0.9 |
db: | SECUNIA | id: | 39589 | Trust: 0.7 |
db: | CNVD | id: | CNVD-2010-0715 | Trust: 0.6 |
db: | PACKETSTORM | id: | 88898 | Trust: 0.1 |
REFERENCES
url: | http://secunia.com/advisories/39589/ | Trust: 0.7 |
url: | http://www.netmanage.com/products/rumba/rumba_features.asp | Trust: 0.3 |
url: | http://secunia.com/advisories/secunia_security_advisories/ | Trust: 0.1 |
url: | http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org | Trust: 0.1 |
url: | http://secunia.com/advisories/about_secunia_advisories/ | Trust: 0.1 |
CREDITS
zombiefx
Trust: 0.3
SOURCES
db: | CNVD | id: | CNVD-2010-0715 |
db: | BID | id: | 39683 |
db: | PACKETSTORM | id: | 88898 |
LAST UPDATE DATE
2022-05-17T02:01:26.196000+00:00
SOURCES UPDATE DATE
db: | CNVD | id: | CNVD-2010-0715 | date: | 2010-04-27T00:00:00 |
db: | BID | id: | 39683 | date: | 2010-04-26T00:00:00 |
SOURCES RELEASE DATE
db: | CNVD | id: | CNVD-2010-0715 | date: | 2010-04-27T00:00:00 |
db: | BID | id: | 39683 | date: | 2010-04-26T00:00:00 |
db: | PACKETSTORM | id: | 88898 | date: | 2010-04-26T06:38:07 |