FreeBSD : wu-ftpd -- remote globbing DoS vulnerability (ef410571-a541-11d9-a788-0001020eed82)

NASLDB: FreeBSD : wu-ftpd -- remote globbing DoS vulnerability (ef410571-a541-11d9-a788-0001020eed82)

General

ID: 19162
Name: FreeBSD : wu-ftpd — remote globbing DoS vulnerability (ef410571-a541-11d9-a788-0001020eed82)

Summary: Checks for updated packages in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: –

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

An iDEFENSE Security Advisory reports :

Remote exploitation of an input validation vulnerability in version
2.6.2 of WU-FPTD could allow for a denial of service of the system by
resource exhaustion.

The vulnerability specifically exists in the wu_fnmatch() function in
wu_fnmatch.c. When a pattern containing a ‘*’ character is supplied as
input, the function calls itself recursively on a smaller substring.
By supplying a string which contains a large number of ‘*’ characters,
the system will take a long time to return the results, during which
time it will be using a large amount of CPU time.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2005-0256
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2005/02/05
Patch Release: 2005/04/04
Plugin Release: 2005/07/13

Plugin

Version: 1.12
Filename: freebsd_pkg_ef410571a54111d9a7880001020eed82.nasl
Filesize: 4748 bytes
MD5 Hash: 2c87c179e2db98f4b3a8226b14ef5784

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG