author | simon <simon@FreeBSD.org> | 2005-04-05 04:06:01 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2005-04-05 04:06:01 +0800 |
commit | 963f1584e3d7117fecc02e057547f268974d575d (patch) | |
tree | 5b3d5360fdd7d4bec199f3d7cb4ec4d51cdc32ba /security/vuxml | |
parent | 4e9da63d0ca6dc5ca678d2cd31a0692daa65b5a8 (diff) | |
Document wu-ftpd -- remote globbing DoS vulnerability.
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 4d761b065374..cee3047b8e63 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,46 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="ef410571-a541-11d9-a788-0001020eed82"> + <topic>wu-ftpd -- remote globbing DoS vulnerability</topic> + <affects> + <package> + <name>wu-ftpd</name> + <range><lt>2.6.2_6</lt></range> + </package> + <package> + <name>wu-ftpd+ipv6</name> + <range><lt>2.6.2_7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>An iDEFENSE Security Advisory reports:</p> + <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=110935886414939"> + <p>Remote exploitation of an input validation vulnerability + in version 2.6.2 of WU-FPTD could allow for a denial of + service of the system by resource exhaustion.</p> + <p>The vulnerability specifically exists in the + <code>wu_fnmatch()</code> function in wu_fnmatch.c. When a + pattern containing a '*' character is supplied as input, + the function calls itself recursively on a smaller + substring. By supplying a string which contains a large + number of '*' characters, the system will take a long time + to return the results, during which time it will be using + a large amount of CPU time.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2005-0256</cvename> + <mlist msgid="FB24803D1DF2A34FA59FC157B77C970503E249AF@idserv04.idef.com">http://marc.theaimsgroup.com/?l=bugtraq&m=110935886414939</mlist> + </references> + <dates> + <discovery>2005-02-05</discovery> + <entry>2005-04-04</entry> + </dates> + </vuln> + <vuln vid="5ebfe901-a3cb-11d9-b248-000854d03344"> <topic>hashcash -- format string vulnerability</topic> <affects> |
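Review bot: the two URLs in the new entry, the `cite` attribute on `<blockquote>` and the text of `<mlist>`, appear here with a bare `&` in the query string (`?l=bugtraq&m=110935886414939`). A literal `&` is not well-formed in XML attribute values or element content, so both should read `&amp;m=`; please confirm the committed file has the escaped form, otherwise vuln.xml will fail to parse for every consumer of the file. Separately, "WU-FPTD" inside the blockquote looks like a transposition of the name used in `<topic>` and `<name>`; since it sits in quoted advisory text, keep it only if the cited advisory spells it that way.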