Juniper Networks

Signature Detail


Short Name: FTP:DOS:GEN-GLOB-DOS
Severity: Medium
Recommended: No
Category: FTP
Keywords: Globbing Denial of Service
Release Date: 2003/12/17
Update Number: 1213
Supported Platforms: di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

FTP: Globbing Denial of Service


This signature detects attempts to exploit a known vulnerability in ProFTPD, Microsoft IIS, and other FTP servers. Because of inadequate globbing algorithms, an attacker can send wildcards in the argument of a maliciously crafted command to cause a denial of service on the server.

Extended Description

Many FTP servers are vulnerable to a denial-of-service condition resulting from poor globbing algorithms and user resource usage limits. Globbing generates pathnames from file name patterns used by the shell, e.g., wildcards denoted by * and ?, multiple choices denoted by {}, etc. Vulnerable FTP servers can be exploited to exhaust system resources if per-user resource usage controls have not been implemented.

Affected Products

  • Apple Mac OS X 10.0.0
  • Apple Mac OS X 10.0.1
  • BeroFTPD 1.3.4
  • Debian Linux 2.2.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 Powerpc
  • Debian Linux 2.2.0 sparc
  • FreeBSD 3.5.1
  • FreeBSD 4.2.0
  • HP HP-UX 10.0.0 1
  • HP HP-UX 10.10.0
  • HP HP-UX 10.20.0
  • HP HP-UX 11.0.0
  • HP HP-UX 11.11.0
  • IBM AIX 4.3.0
  • Mandriva Linux Mandrake 8.0.0
  • OpenBSD 2.6.0
  • OpenBSD 2.7.0
  • ProFTPD Project ProFTPD 1.2.0
  • ProFTPD Project ProFTPD 1.2.0 .0Rc3
  • ProFTPD Project ProFTPD 1.2.0 Pre1
  • ProFTPD Project ProFTPD 1.2.0 Pre10
  • ProFTPD Project ProFTPD 1.2.0 Pre11
  • ProFTPD Project ProFTPD 1.2.0 Pre2
  • ProFTPD Project ProFTPD 1.2.0 Pre3
  • ProFTPD Project ProFTPD 1.2.0 Pre4
  • ProFTPD Project ProFTPD 1.2.0 Pre5
  • ProFTPD Project ProFTPD 1.2.0 Pre6
  • ProFTPD Project ProFTPD 1.2.0 Pre7
  • ProFTPD Project ProFTPD 1.2.0 Pre8
  • ProFTPD Project ProFTPD 1.2.0 Pre9
  • ProFTPD Project ProFTPD 1.2.1
  • PureFTPd 0.96.0
  • Sun Solaris 7.0
  • Sun Solaris 7.0_x86
  • Sun Solaris 8 Sparc
  • Sun Solaris 8 X86
  • SuSE Linux 7.2.0
  • Trolltech ftpd 1.21.0
  • Trolltech ftpd 1.22.0
  • Trolltech ftpd 1.23.0
  • Trolltech ftpd 1.24.0
  • Trolltech ftpd 1.25.0
  • Washington University wu-ftpd 2.4.2 academ[BETA1-15]
  • Washington University wu-ftpd 2.4.2 academ[BETA-18]
  • Washington University wu-ftpd 2.5.0 .0
  • Washington University wu-ftpd 2.6.0 .0

References

  • BugTraq: 2496
  • CVE: CVE-2001-0136
  • URL: http://bugs.proftpd.org/show_bug.cgi?id=1066
  • URL: http://www.mandriva.com/security/advisories?name=MDKSA-2002:005

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.