Bugtraq mailing list archives
Re: WU-FTPD 2.6.2 Freezer
From: Luca Berra <bluca () comedia it>
Date: Sat, 1 Nov 2003 15:47:36 +0100
On Fri, Oct 31, 2003 at 11:40:44AM -0800, Seth Arnold wrote:
On Fri, Oct 31, 2003 at 02:55:43PM -0000, Angelo Rosiello wrote:for( i=0; i<loop; i++ ) { write( sd, "LIST -w 1000000 -C\n", 19 ); }It is probably worth pointing out that it is FSF ls(1) at fault here; wu-ftpd just provides a convenient way for potentially unauthenticated users to DoS the machine. If your OS supports rlimits (ulimit(3)), I believe they will provide reliable protection against this problem.
it might be also worth noting that wu-ftpd can be rebuilt with internal ls code. regards, L. -- Luca Berra -- bluca () comedia it Communication Media & Services S.r.l. /"\ \ / ASCII RIBBON CAMPAIGN X AGAINST HTML MAIL / \
Current thread:
- Re: WU-FTPD 2.6.2 Freezer Luca Berra (Nov 01)
- <Possible follow-ups>
- Re: WU-FTPD 2.6.2 Freezer Rossen Petrov (Nov 01)