Flaw in libc implementation threatens FTP servers (The H)
Anybody running an anonymous FTP server may want to have a look at this
article in The H about a newly-disclosed denial of service problem.
"The problem exists because GLOB_LIMIT, a feature added in 2001 to
limit the amount of memory used by the glob() function, is
ineffective. Globbing, as it is called, calls on the glob() function to
match wildcard patterns when generating a list of matching file
names. Because GLOB_LIMIT is not effective, it potentially allows a
system's main memory to be flooded when processing certain patterns and
this may, depending on the hardware used, cause the system to become very
slow, cease to respond or even crash as a result."