[19797] in bugtraq
Re: Multiple vendors FTP denial of service
daemon@ATHENA.MIT.EDU (Interstellar Overdrive)
Fri Mar 23 05:23:54 2001
Content-Type: text/plain
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID: <01032215432900.00490@overdrive>
Date: Thu, 22 Mar 2001 15:30:48 +0200
Reply-To: Interstellar Overdrive <interdrive@HOME.COM>
From: Interstellar Overdrive <interdrive@HOME.COM>
X-To: "Frank DENIS (Jedi/Sector One)" <j@4U.NET>,
"Frank DENIS (Jedi/Sector One)" <j@4U.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010315093409.A5565@synchron.home.rtchat.com>

A quick note: Winsock FTPD 3.00 pro and 2.41 (maybe prior) are vulnerable
to this bug as well. I tested it on a Windows NT 4.0 box; wftpd seems to push CPU
usage to 100%. Another thing concerning wftpd is that if a user isn't
restricted to his own directory, the ftpd falls into an endless loop (keeps on
listing dirs), and CPU usage is stuck at 100% of course... So far, there
seem to be no configuration options in wftpd regarding globbing... :(

PS: Serv-U ftp doesn't seem to be vulnerable.

greets,
Interstellar Overdrive