Re: WU-FTPD 2.6.2 Freezer

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: WU-FTPD 2.6.2 Freezer
From: Seth Arnold <sarnold@xxxxxxxxx>
Date: Fri, 31 Oct 2003 11:40:44 -0800
In-reply-to: <20031031145543.19772.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-followup-to: bugtraq@xxxxxxxxxxxxxxxxx
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20031031145543.19772.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.4.1i

On Fri, Oct 31, 2003 at 02:55:43PM -0000, Angelo Rosiello wrote:
>       for( i=0; i<loop; i++ )
>       {
>               write( sd, "LIST -w 1000000 -C\n", 19 );
>       }

It is probably worth pointing out that it is FSF ls(1) at fault here;
wu-ftpd just provides a convenient way for potentially unauthenticated
users to DoS the machine. If your OS supports rlimits (ulimit(3)), I
believe they will provide reliable protection against this problem.

-- 
http://www.immunix.com/  secure Linux distributions and appliances

Attachment: pgpJ53CXK9pwX.pgp
Description: PGP signature

Follow-Ups:
- Re: WU-FTPD 2.6.2 Freezer
  - From: Luca Berra

References:
- WU-FTPD 2.6.2 Freezer
  - From: Angelo Rosiello

Prev by Date: Macos 10.2.8
Next by Date: Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads
Previous by thread: WU-FTPD 2.6.2 Freezer
Next by thread: Re: WU-FTPD 2.6.2 Freezer
Index(es):
- Date
- Thread