---

Flaw in libc implementation threatens FTP servers

“A flaw in the implementation of the glob() function in various
C libraries (libc) can be exploited to remotely cripple FTP
servers. As many FTP servers allow anonymous log-ins, and the flaw
is said to be easy to exploit, many servers are at risk of falling
victim to the attack. A report by security specialist Maksymilian
Arciemowicz says that even large FTP servers such as those run by
Adobe and HP are affected.

“The problem exists because GLOB_LIMIT, a feature added in 2001
to limit the amount of memory used by the glob() function is
ineffective.”


Complete Story