| Field | Value |
|---|---|
| Short Name | FTP:DOS:GEN-GLOB-DOS |
| Severity | Minor |
| Recommended | No |
| Category | FTP |
| Keywords | Globbing Denial of Service |
| Release Date | 2003/12/17 |
| Update Number | 1213 |
| Supported Platforms | di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
FTP: Globbing Denial of Service
This signature detects attempts to exploit a known vulnerability against ProFTPD, Microsoft IIS and other FTP servers. Due to inadequate globbing algorithms, attackers can send wildcards in the argument of a maliciously crafted command to create a denial of service on the server.
Extended Description
Many FTP servers are vulnerable to a denial of service condition resulting from poor globbing algorithms and inadequate per-user resource usage limits.
Globbing generates pathnames from the file name patterns used by the shell, e.g., wildcards denoted by * and ?, multiple choices denoted by {}, etc.
The vulnerable FTP servers can be exploited to exhaust system resources if per-user resource usage controls have not been implemented.
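As a server-side complement to the resource controls mentioned above, the following added example (not part of the signature or of any vendor's code) bounds the globbing cost of an FTP command argument before it is expanded. The limits, the set of globbing commands and the function names are assumptions chosen for illustration.

```python
# Limits are assumptions for this example; tune them per server.
MAX_ARG_LEN = 256       # characters accepted before any expansion
MAX_WILDCARDS = 8       # '*' and '?' per argument
MAX_EXPANSIONS = 64     # words that {a,b} groups may produce
GLOBBING_COMMANDS = {"LIST", "NLST", "STAT"}  # assumed to glob their argument

def brace_expansions(pattern, cap=MAX_EXPANSIONS):
    """Upper bound on words produced by {a,b,...} groups, saturating at cap + 1."""
    def sequence(i, in_group):
        # Multiply the sizes of consecutive groups until ',' / '}' or the end.
        total = 1
        while i < len(pattern):
            ch = pattern[i]
            if in_group and ch in ",}":
                break
            if ch == "{":
                alts, i = group(i + 1)
                total = min(total * alts, cap + 1)
            else:
                i += 1
        return total, i

    def group(i):
        # Sum the alternatives of one group; i points just past '{'.
        alts = 0
        while True:
            n, i = sequence(i, True)
            alts = min(alts + n, cap + 1)
            if i >= len(pattern) or pattern[i] == "}":
                return alts, i + 1
            i += 1  # skip ','

    return sequence(0, False)[0]

def check_command(line):
    """Return (allowed, reason) for one FTP control-channel line."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() not in GLOBBING_COMMANDS:
        return True, "not a globbing command"
    if len(arg) > MAX_ARG_LEN:          # also bounds parser recursion depth
        return False, "argument too long"
    if sum(arg.count(c) for c in "*?") > MAX_WILDCARDS:
        return False, "too many wildcards"
    if brace_expansions(arg) > MAX_EXPANSIONS:
        return False, "brace expansion too large"
    return True, "ok"
```

A rejected command should be answered with an error reply and logged, so repeated rejections from one client can feed rate limiting.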
Affected Products
- Apple mac_os_x 10.0.0
- Apple mac_os_x 10.0.1
- Beroftpd beroftpd 1.3.4
- Debian linux 2.2.0
- Debian linux 2.2.0 68k
- Debian linux 2.2.0 alpha
- Debian linux 2.2.0 arm
- Debian linux 2.2.0 Powerpc
- Debian linux 2.2.0 sparc
- Freebsd freebsd 3.5.1
- Freebsd freebsd 4.2.0
- Hp hp-ux 10.0.0 1
- Hp hp-ux 10.10.0
- Hp hp-ux 10.20.0
- Hp hp-ux 11.0.0
- Hp hp-ux 11.11.0
- Ibm aix 4.3.0
- Mandriva linux_mandrake 8.0.0
- Openbsd openbsd 2.6.0
- Openbsd openbsd 2.7.0
- Proftpd_project proftpd 1.2.0
- Proftpd_project proftpd 1.2.0 .0Rc3
- Proftpd_project proftpd 1.2.0 Pre1
- Proftpd_project proftpd 1.2.0 Pre10
- Proftpd_project proftpd 1.2.0 Pre11
- Proftpd_project proftpd 1.2.0 Pre2
- Proftpd_project proftpd 1.2.0 Pre3
- Proftpd_project proftpd 1.2.0 Pre4
- Proftpd_project proftpd 1.2.0 Pre5
- Proftpd_project proftpd 1.2.0 Pre6
- Proftpd_project proftpd 1.2.0 Pre7
- Proftpd_project proftpd 1.2.0 Pre8
- Proftpd_project proftpd 1.2.0 Pre9
- Proftpd_project proftpd 1.2.1
- Pureftpd pureftpd 0.96.0
- Sun solaris 7.0
- Sun solaris 7.0_x86
- Sun solaris 8 Sparc
- Sun solaris 8 X86
- Suse linux 7.2.0
- Trolltech ftpd 1.21.0
- Trolltech ftpd 1.22.0
- Trolltech ftpd 1.23.0
- Trolltech ftpd 1.24.0
- Trolltech ftpd 1.25.0
- Washington_university wu-ftpd 2.4.2 academ[BETA1-15]
- Washington_university wu-ftpd 2.4.2 academ[BETA-18]
- Washington_university wu-ftpd 2.5.0 .0
- Washington_university wu-ftpd 2.6.0 .0