FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-27 12:04:33 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
ef410571-a541-11d9-a788-0001020eed82    wu-ftpd -- remote globbing DoS vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of an input validation vulnerability in version 2.6.2 of WU-FTPD could allow for a denial of service of the system by resource exhaustion.

The vulnerability specifically exists in the wu_fnmatch() function in wu_fnmatch.c. When a pattern containing a '*' character is supplied as input, the function calls itself recursively on a smaller substring. By supplying a string which contains a large number of '*' characters, the system will take a long time to return the results, during which time it will be using a large amount of CPU time.


Discovery 2005-02-05
Entry 2005-04-04
wu-ftpd < 2.6.2_6
wu-ftpd+ipv6 < 2.6.2_7

CVE-2005-0256
http://marc.theaimsgroup.com/?l=bugtraq&m=110935886414939
3b7c7f6c-7102-11d8-873f-0020ed76ef5a    wu-ftpd ftpaccess `restricted-uid'/`restricted-gid' directive may be bypassed

Glenn Stewart reports a bug in wu-ftpd's ftpaccess `restricted-uid'/`restricted-gid' directives:

Users can get around the restriction to their home directory by issuing a simple chmod command on their home directory. On the next ftp log in, the user will have '/' as their root directory.

Matt Zimmerman discovered that the cause of the bug was a missing check for a restricted user within a code path that is executed only when a certain error is encountered.


Discovery 2004-02-17
Entry 2004-03-08
Modified 2004-03-29
wu-ftpd <= 2.6.2_3
wu-ftpd+ipv6 <= 2.6.2_5

CVE-2004-0148
9832