Linux Today: Linux News On Internet Time.

More on LinuxToday

Flaw in libc implementation threatens FTP servers

Oct 08, 2010, 07:34 (1 Talkback[s])

"A flaw in the implementation of the glob() function in various C libraries (libc) can be exploited to remotely cripple FTP servers. As many FTP servers allow anonymous log-ins, and the flaw is said to be easy to exploit, many servers are at risk of falling victim to the attack. A report by security specialist Maksymilian Arciemowicz says that even large FTP servers such as those run by Adobe and HP are affected.

"The problem exists because GLOB_LIMIT, a feature added in 2001 to limit the amount of memory used by the glob() function is ineffective."

Complete Story

Related Stories: