FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-27 12:04:33 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID Description

VuXML ID	Description
3b7c7f6c-7102-11d8-873f-0020ed76ef5a	wu-ftpd ftpaccess `restricted-uid'/`restricted-gid' directive may be bypassed Glenn Stewart reports a bug in wu-ftpd's ftpaccess `restricted-uid'/`restricted-gid' directives: Users can get around the restriction to their home directory by issuing a simple chmod command on their home directory. On the next ftp log in, the user will have '/' as their root directory. Matt Zimmerman discovered that the cause of the bug was a missing check for a restricted user within a code path that is executed only when a certain error is encountered. Discovery 2004-02-17 Entry 2004-03-08 Modified 2004-03-29 wu-ftpd <= 2.6.2_3 wu-ftpd+ipv6 <= 2.6.2_5 CVE-2004-0148 9832
ef410571-a541-11d9-a788-0001020eed82	wu-ftpd -- remote globbing DoS vulnerability An iDEFENSE Security Advisory reports: Remote exploitation of an input validation vulnerability in version 2.6.2 of WU-FPTD could allow for a denial of service of the system by resource exhaustion. The vulnerability specifically exists in the `wu_fnmatch()` function in wu_fnmatch.c. When a pattern containing a '' character is supplied as input, the function calls itself recursively on a smaller substring. By supplying a string which contains a large number of '' characters, the system will take a long time to return the results, during which time it will be using a large amount of CPU time. Discovery 2005-02-05 Entry 2005-04-04 wu-ftpd < 2.6.2_6 wu-ftpd+ipv6 < 2.6.2_7 CVE-2005-0256 http://marc.theaimsgroup.com/?l=bugtraq&m=110935886414939

3b7c7f6c-7102-11d8-873f-0020ed76ef5a

wu-ftpd ftpaccess `restricted-uid'/`restricted-gid' directive may be bypassed

Glenn Stewart reports a bug in wu-ftpd's ftpaccess `restricted-uid'/`restricted-gid' directives:

Users can get around the restriction to their home directory by issuing a simple chmod command on their home directory. On the next ftp log in, the user will have '/' as their root directory.

Matt Zimmerman discovered that the cause of the bug was a missing check for a restricted user within a code path that is executed only when a certain error is encountered.

Discovery 2004-02-17
Entry 2004-03-08
Modified 2004-03-29
wu-ftpd

<= 2.6.2_3

wu-ftpd+ipv6

<= 2.6.2_5

CVE-2004-0148
9832

ef410571-a541-11d9-a788-0001020eed82

wu-ftpd -- remote globbing DoS vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of an input validation vulnerability in version 2.6.2 of WU-FPTD could allow for a denial of service of the system by resource exhaustion.

The vulnerability specifically exists in the wu_fnmatch() function in wu_fnmatch.c. When a pattern containing a '*' character is supplied as input, the function calls itself recursively on a smaller substring. By supplying a string which contains a large number of '*' characters, the system will take a long time to return the results, during which time it will be using a large amount of CPU time.

Discovery 2005-02-05
Entry 2005-04-04
wu-ftpd

< 2.6.2_6

wu-ftpd+ipv6

< 2.6.2_7

CVE-2005-0256
http://marc.theaimsgroup.com/?l=bugtraq&m=110935886414939