On Wed, 11 Apr 2001, Gerhard Sittig wrote:
> Huh? How is it BSD specific? It's a simple "whenever I send expensive requests to the server the server suddenly gets busy". It's the "I can put down the machine with a fork() loop" kind of pseudo exploits. The ftpd "problem" is that the server accepts wildcards for its LIST command variants.

Please note: this is _not_ a resource exhaustion attack. The "File Globbing Vulnerability" in question is a buffer overflow attack potentially leading to code execution (Solaris - heap overflow, HPUX - stack overflow), not the similar DoS attacks that have been known for a while now (CERT CA-2001-07 mentions this in the overview).

The short version is that certain assumptions about buffer length are made based on limitations on user input and when the glob expansion is done the total length may be greater than the buffer allocated based on those assumptions. Interesting delivery method, but after that it's a straight up buffer overflow with all that implies in terms of a remote takeover of the box.

The discussion of defenses against resource exhaustion was technically accurate and is helpful for the resource exhaustion attack, but this is a different vulnerability.

--
Jonathan Conway       The thing about Unix is that all the hoops are
rise@knavery.net      flaming, so at least you know where they are...
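
The length assumption described in the message above, shown from the defensive side as an added example (not code from the post or from any ftpd): the bound is checked against the expanded result, not against the length of the pattern the client sent. `expand_bounded` and `CMD_MAX` are hypothetical names, and the contents of `/` stand in as sample input for POSIX glob(3).

```c
#include <glob.h>
#include <stdio.h>
#include <string.h>

#define CMD_MAX 512   /* assumed limit on one client command line */

/* Expand `pattern` and join the matches with spaces into dst.
 * Returns the joined length, or -1 if the pattern is too long, nothing
 * matches, or the expanded result does not fit (dst is then left empty). */
long expand_bounded(const char *pattern, char *dst, size_t dstsz)
{
    glob_t g;
    size_t used = 0;
    long rc = -1;

    if (dstsz == 0) return -1;
    dst[0] = '\0';
    if (strlen(pattern) >= CMD_MAX) return -1;   /* limit on the input ... */

    memset(&g, 0, sizeof g);
    if (glob(pattern, 0, NULL, &g) == 0) {
        rc = 0;
        for (size_t i = 0; i < g.gl_pathc; i++) {
            size_t len = strlen(g.gl_pathv[i]);
            size_t sep = (i > 0);
            /* ... says nothing about the output: check every match
             * against the space actually left, NUL included. */
            if (len + sep >= dstsz - used) { rc = -1; break; }
            if (sep) dst[used++] = ' ';
            memcpy(dst + used, g.gl_pathv[i], len);
            used += len;
            dst[used] = '\0';
        }
        if (rc == 0) rc = (long)used; else dst[0] = '\0';
    }
    globfree(&g);
    return rc;
}

int main(void)
{
    char sized_for_pattern[3];   /* strlen("/" "*") + 1: the flawed assumption */
    char big[65536];
    printf("pattern-sized buffer: %ld\n",
           expand_bounded("/*", sized_for_pattern, sizeof sized_for_pattern));
    printf("large buffer: %ld bytes\n", expand_bounded("/*", big, sizeof big));
    return 0;
}
```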