Flaw in libc implementation threatens FTP servers

Oct 08, 2010, 07:34 (1 Talkback[s])

"A flaw in the implementation of the glob() function in various C libraries (libc) can be exploited to remotely cripple FTP servers. As many FTP servers allow anonymous log-ins, and the flaw is said to be easy to exploit, many servers are at risk of falling victim to the attack. A report by security specialist Maksymilian Arciemowicz says that even large FTP servers such as those run by Adobe and HP are affected.

"The problem exists because GLOB_LIMIT, a feature added in 2001 to limit the amount of memory used by the glob() function is ineffective."

Complete Story

Related Stories:

• Unsafe Functions In C And Their Safer Replacements: Strings Part II(Mar 03, 2009)
• Fedora 14 Linux Boosts Security with OpenSCAP(Oct 05, 2010)
• Assessing the Tux Strength: Part 2 - Into the Kernel(Sep 09, 2010)
• Assessing the Tux Strength: Part 1 - Userspace Memory Protection(Sep 09, 2010)
• Linux Users Face Risk From Kernel Vulnerability (Aug 20, 2010)
• Critical Vulnerability Silently Patched in Linux Kernel(Aug 19, 2010)