CVE-2008-7078

Rumpus < 6.0 - Buffer Overflow via Long HTTP Verb and Authenticated Buffer Overflow via Long FTP Command Arguments

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7078. PoCs published by BLUE MOON.

AI-analyzed exploit summary The exploit demonstrates two buffer overflow vulnerabilities in Maxum Rumpus v6.0: one in the HTTP module (DoS via 2908-byte verb) and another in the FTP module (RCE via 1046-byte argument in commands like MKD). The FTP exploit requires authentication but can lead to arbitrary code execution as root.

Description

Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BLUE MOON · textdoswindows

https://www.exploit-db.com/exploits/7314

View Code ZIP pw:eip

The exploit demonstrates two buffer overflow vulnerabilities in Maxum Rumpus v6.0: one in the HTTP module (DoS via 2908-byte verb) and another in the FTP module (RCE via 1046-byte argument in commands like MKD). The FTP exploit requires authentication but can lead to arbitrary code execution as root.

Classification

Working Poc 100%

Attack Type

Rce | Dos

Complexity

Trivial

Reliability

Reliable

Target: Maxum Rumpus v6.0

Auth required

Prerequisites: Network access to target HTTP/FTP ports · Valid credentials for FTP exploitation

MITRE ATT&CK