Computer Security


libc glob() resources exhaustion
updated since 02.05.2011
Published: 15.04.2013
Source:
SecurityVulns ID: 11642
Type: library
Threat Level: 6/10
Description: It's possible to build a recursive template, leading to memory exhaustion.
Affected: NETBSD : NetBSD 5.1
 PUREFTPD : Pure-FTPd 1.0
 FREEBSD : FreeBSD 9.1
CVE: CVE-2011-0418 (The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.)
 CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability, related to FTP.)
Original document: submit_(at)_cxsec.org, MacOSX 10.8.3 ftpd Remote Resource Exhaustion (15.04.2013)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-13:02.libc (24.02.2013)
 max_(at)_cxsecurity.com, FreeBSD 9.1 ftpd Remote Denial of Service (11.02.2013)
 MANDRIVA, [ MDVSA-2011:094 ] pure-ftpd (21.05.2011)
 Maksymilian Arciemowicz, Multiple Vendors libc/glob() GLOB_BRACE|GLOB_LIMIT memory exhaustion (02.05.2011)
Files: PoC for multiple vendors ftpd (libc/glob) resource exhaustion

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod