Multiple FTP servers path globbing DoS updated since 16.03.2001
Published:		08.06.2005
Source:		BUGTRAQ
SecurityVulns ID:		1056
Type:		remote
Level:		6/10
Description:		Command like ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* causes server to hang.

Affected:		MICROSOFT : Internet Information Server 4.0
		MICROSOFT : Internet Information Server 5.0
		WU : WU-FTPD 2.6
		PROFTPD : ProFTPD 1.2
		BSD : ftpd 6.00
		BEROFTPD : BeroFTPD 1.3
		TYPSOFT : TYPsoft FTP server 0.95
		GLFTPD : glFTPD 1.24
		ORACLE : Solaris 9
		ORACLE : Solaris 10
		AVAYA : AVAYA CMS 13

Original document		SECUNIA, [SA15624] Avaya CMS FTP Daemon Wildcard Denial of Service (08.06.2005)
		SECUNIA, [SA15466] Solaris in.ftpd Wildcard Denial of Service Vulnerability (23.05.2005)
		IDEFENSE, [Full-Disclosure] iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability (25.02.2005)
		Rob klein Gunnewiek, proftpd <=1.2.7rc3 DoS (12.12.2002)
		Jan Wagner, [ASGUARD-LABS] TYPSoft FTP Server v0.95 STOR/RETR Denial of Service Vulnerability (09.10.2001)
		Jan Wagner, [ASGUARD-LABS] glFTPD v1.23 DOS Attack (18.08.2001)
		Frank DENIS (Jedi/Sector One), Multiple vendors FTP denial of service (16.03.2001)

Discuss:

Read or add your comments to this news (0 comments)