FreeBSD : wu-ftpd -- remote globbing DoS vulnerability (ef410571-a541-11d9-a788-0001020eed82)
Medium Nessus Plugin ID 19162
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
An iDEFENSE Security Advisory reports:
Remote exploitation of an input validation vulnerability in version 2.6.2 of WU-FTPD could allow for a denial of service of the system by resource exhaustion.
The vulnerability specifically exists in the wu_fnmatch() function in wu_fnmatch.c. When a pattern containing a '*' character is supplied as input, the function calls itself recursively on a smaller substring.
By supplying a string which contains a large number of '*' characters, the system will take a long time to return the results, during which time it will be using a large amount of CPU time.
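The cost difference behind this advisory, as an added example that is not code from wu_fnmatch.c or from the advisory: a simplified matcher (only '*' and literal characters) that recurses on every suffix, beside a bounded form that backtracks only to the most recent '*'. The function names, the step counter and the sample pattern and string are constructed for illustration.

```c
#include <stdio.h>
static unsigned long steps;   /* work counter shared by both matchers */

/* Naive form: every '*' recurses on each suffix of the remaining string. */
static int match_recursive(const char *p, const char *s) {
    steps++;
    for (; *p; p++, s++) {
        if (*p == '*') {
            for (;; s++) {
                if (match_recursive(p + 1, s)) return 1;
                if (!*s) return 0;
            }
        }
        if (*p != *s) return 0;          /* also covers end of string */
    }
    return *s == '\0';
}

/* Bounded form: backtrack only to the most recent '*'; work is about strlen(p) * strlen(s). */
static int match_iterative(const char *p, const char *s) {
    const char *star = NULL, *resume = NULL;
    while (*s) {
        steps++;
        if (*p == '*') {
            while (*p == '*') p++;       /* collapse runs of '*' */
            star = p; resume = s;
        } else if (*p == *s) {
            p++; s++;
        } else if (star) {
            p = star; s = ++resume;      /* let the last '*' absorb one more char */
        } else return 0;
    }
    while (*p == '*') p++;
    return *p == '\0';
}

/* Run one matcher and report how many steps it took. */
static unsigned long cost(int (*fn)(const char *, const char *),
                          const char *p, const char *s) {
    steps = 0;
    (void)fn(p, s);
    return steps;
}

int main(void) {
    const char *pat = "*a*a*a*a*b", *str = "aaaaaaaaaaaaaaaaaaaa"; /* constructed */
    printf("recursive: %lu steps\n", cost(match_recursive, pat, str));
    printf("iterative: %lu steps\n", cost(match_iterative, pat, str));
    return 0;
}
```

Both matchers return the same result on every input; only the work differs, which is why capping the number of '*' characters or replacing the recursion removes the CPU exhaustion without changing matching behaviour.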
Solution
Update the affected packages.