bug-glibc

Re: DoS due to GNU globbing functions


From: Rob klein Gunnewiek
Subject: Re: DoS due to GNU globbing functions
Date: Sun, 15 Dec 2002 01:18:01 +0100 (MET)

www.proftpd.net:

     In summary, we would like to reiterate that this "vulnerability"
     has been a non-issue for quite some time. Furthermore, we suggest
     that Mr. Gunnewiek check his facts in the future before he engages
     in handwaving and publicity-seeking.

Shut the fuck up! I'll keep 0day next time!!!
This "vulnerability" smashed up my system so obviously the bug wasn't
fixed. About publicity-seeking... remove my fucking name!
Why the fuck do you think I'm seeking publicity when you write my name 4
times on your front page. And the bug is soooo obvious it shouldn't have
been there in the first place, BIG SCANDAL!!! Finding such a bug is sooo
easy that it doesn't even deserve credit. If you think this bug ain't
there, then why do you care? I DON'T
I suggest you sed index.html and remove my name there!
I shouldn't have disclosed this on the bugtraq before handling this with
you, but YOU shouldn't react this way.
I forgot about address@hidden from now on, next time my infoz go
straight into the underground

On Thu, 12 Dec 2002, Rob klein Gunnewiek wrote:

> Hello,
> 
> I discovered a DoS vulnerability in ProFTPd 1.2.5 and 1.2.7rc3 which use
> the GLIBC globbing functions.
> TJ Saunders pointed out to me that the DoS vulnerability was caused by the
> globbing functions in GLIBC used by ProFTPD, which makes this
> vulnerability likely to exist in other software as well.
> 
> The method used was:
> 
> STAT /*/*/*/*/*/*/*
> or
> LIST /*/*/*/*/*/*/*
> 
> Note: this method seems to be different than:
> 
> LIST ../*/../*/../*/../*
> 
> and the like vulnerabilities reported a while ago.
> 
> I have only tested this against slackware 8.1 default install + proftpd
> v1.2.4 and 1.2.7rc3.
> 
> Rob.
> 
> 
> 
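
Added example, not part of the original messages and not ProFTPD or glibc code: one way a server can bound the cost of a pattern such as the /*/*/*/*/*/*/* quoted above before handing it to glob(3). The function names and both limits are assumptions chosen for illustration.

```c
#include <glob.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical limits chosen for this example, not ProFTPD's values. */
#define MAX_WILD_COMPONENTS 3
#define MAX_MATCHES 1024

/* Count path components that contain a glob metacharacter.
 * Escaped metacharacters are counted too: over-counting is the safe side. */
int count_wildcard_components(const char *pattern)
{
    int count = 0, in_wild = 0;
    for (const char *p = pattern; *p; p++) {
        if (*p == '/') {
            in_wild = 0;                 /* new path component starts */
        } else if (!in_wild && strchr("*?[", *p)) {
            in_wild = 1;                 /* count each component once */
            count++;
        }
    }
    return count;
}

/* Returns 0 and fills *out on success (caller must call globfree),
 * -1 if the pattern is rejected before any directory is read,
 * -2 if glob() fails or matches nothing,
 * -3 if the result set exceeds MAX_MATCHES. */
int bounded_glob(const char *pattern, glob_t *out)
{
    /* Each wildcard component multiplies the directories glob() walks,
     * so refuse deep wildcard chains up front. */
    if (count_wildcard_components(pattern) > MAX_WILD_COMPONENTS)
        return -1;
    memset(out, 0, sizeof *out);
    if (glob(pattern, GLOB_NOSORT, NULL, out) != 0) {
        globfree(out);
        return -2;
    }
    if (out->gl_pathc > MAX_MATCHES) {
        globfree(out);
        return -3;
    }
    return 0;
}
```

The match cap is only checked after glob() returns, so the up-front component limit is what actually bounds the work done.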



