Flaw in libc implementation threatens FTP servers
Oct 08, 2010, 07:34
"A flaw in the implementation of the glob() function in various
C libraries (libc) can be exploited to remotely cripple FTP
servers. As many FTP servers allow anonymous log-ins, and the flaw
is said to be easy to exploit, many servers are at risk of falling
victim to the attack. A report by security specialist Maksymilian
Arciemowicz says that even large FTP servers such as those run by
Adobe and HP are affected.
"The problem exists because GLOB_LIMIT, a feature added in 2001
to limit the amount of memory used by the glob() function, is
ineffective."