[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-guvenlik
Subject:    [Linux-guvenlik] iDEFENSE Security Advisory 02.25.05: WU-FTPD File
From:       gyilmaz () genco ! gen ! tc (Genco YILMAZ)
Date:       2005-02-25 21:53:13
Message-ID: 421F9998.7060805 () genco ! gen ! tc
[Download RAW message or body]

selam,

WU-FTPD kullananlarin bilgisine

saygilar


iDEFENSE Labs wrote:

>WU-FTPD File Globbing Denial of Service Vulnerability
>
>iDEFENSE Security Advisory 02.25.05
>www.idefense.com/application/poi/display?id=207&type=vulnerabilities
>February 25, 2005
>
>I. BACKGROUND
>
>WU-FTPD is an ftp daemon for Unix systems developed at Washington 
>University. More information is available at:
>
>    http://www.wu-ftpd.org/
>
>II. DESCRIPTION
>
>Remote exploitation of an input validation vulnerability in version
>2.6.2 of WU-FPTD could allow for a denial of service of the system by 
>resource exhaustion.
>
>The vulnerability specifically exists in the wu_fnmatch() function in
>wu_fnmatch.c. When a pattern containing a '*' character is supplied as 
>input, the function calls itself recursively on a smaller substring. By 
>supplying a string which contains a large number of '*' characters, the 
>system will take a long time to return the results, during which time it
>
>will be using a large amount of CPU time.
>
>III. ANALYSIS
>
>After a user logs into the ftpd, an attacker can send a simple command 
>which will cause high CPU utilization.
>
>To exploit this vulnerability, a simple ftp client is sufficient. Once
>logged  in, either anonymously or as an authenticated user, issuing the
>following command will cause the machine to become less responsive.
>
>ftp> dir ***************************************************************
>         ***************************************************************
>         ***************************************************************
>         **.*
>
>By re-connecting and issuing the command multiple times, the system can
>be made completely unresponsive. This may prevent legitimate access to 
>services provided by the system for the period of the attack.
>
>IV. DETECTION
>
>iDEFENSE has confirmed the existence of this vulnerability in version 
>2.6.2 and 2.6.1 of WU-FTPD. It is suspected that previous versions are 
>also affected by this vulnerability.
>
>V. WORKAROUND
>Consider disabling the ftpd. If this is not viable as an option, 
>consider disabling anonymous access. Disabling anonymous access will not
>
>prevent local users from exploiting this vulnerability.
>
>VI. VENDOR RESPONSE
>
>No vendor response received.
>
>VII. CVE INFORMATION
>
>The Common Vulnerabilities and Exposures (CVE) project has assigned the
>names CAN-2005-0256 to these issues. This is a candidate for inclusion
>in the CVE list (http://cve.mitre.org), which standardizes names for
>security problems.
>
>VIII. DISCLOSURE TIMELINE
>
>02/09/2005  Initial vendor notification - No response
>02/18/2005  Initial vendor notification - No response
>02/25/2005  Public disclosure
>
>IX. CREDIT
>
>Adam Zabrocki (pi3 / pi3ki31ny) is credited with this discovery.
>
>Get paid for vulnerability research
>http://www.idefense.com/poi/teams/vcp.jsp
>
>Free tools, research and upcoming events
>http://labs.idefense.com
>
>X. LEGAL NOTICES
>
>Copyright (c) 2005 iDEFENSE, Inc.
>
>Permission is granted for the redistribution of this alert
>electronically. It may not be edited in any way without the express
>written consent of iDEFENSE. If you wish to reprint the whole or any
>part of this alert in any other medium other than electronically, please
>email customerservice@idefense.com for permission.
>
>Disclaimer: The information in the advisory is believed to be accurate
>at the time of publishing based on currently available information. Use
>of the information constitutes acceptance for use in an AS IS condition.
>There are no warranties with regard to this information. Neither the
>author nor the publisher accepts any liability for any direct, indirect,
>or consequential loss or damage arising from use of, or reliance on,
>this information.
>
>  
>


-- 
Genco YILMAZ

[prev in list] [next in list] [prev in thread] [next in thread]