Project

General

Profile

Actions

Bug #323

closed

Need fix for glob() resource exhaustion

Added by Jason King about 11 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Category:
-
Start date:
2010-10-08
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

http://securityreason.com/securityalert/7822 describes the bug. In short, carefully crafted values passed to glob(3c) can cause excessive resource consumption. This means any external facing apps using glob(3c) such as in.ftpd or sftp are vulnerable to a denial of service attack.

Actions

Also available in: Atom PDF