Nessus Plugin #11912
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
wu-ftpd ls -W memory exhaustion
- Family:
- FTP
- Category:
- mixed
- Copyright:
- Copyright (C) 2003 Michel Arboi
- Summary:
- send ls -w 1000000 -C to the remote FTP server
- Version:
- $Revision: 1.3 $
- Cve_id:
- CAN-2003-0853, CAN-2003-0854
- Bugtraq_id:
- 8875
- Xrefs:
- CONECTIVA:CLA-2003:768, zone-h:3299
- Description:
The FTP server does not filter arguments to the ls command.
It is possible to consume all available memory on the machine
by sending
ls "-w 1000000 -C"
See http://www.guninski.com/binls.html
Solution : Contact your vendor for a fix
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.