|
Bugtraq
mailing list archives
Re: WU-FTPD 2.6.2 Freezer
From: Luca Berra <bluca () comedia it>
Date: Sat, 1 Nov 2003 15:47:36 +0100
On Fri, Oct 31, 2003 at 11:40:44AM -0800, Seth Arnold wrote:
On Fri, Oct 31, 2003 at 02:55:43PM -0000, Angelo Rosiello wrote:
for( i=0; i<loop; i++ )
{
write( sd, "LIST -w 1000000 -C\n", 19 );
}
It is probably worth pointing out that it is FSF ls(1) at fault here;
wu-ftpd just provides a convenient way for potentially unauthenticated
users to DoS the machine. If your OS supports rlimits (ulimit(3)), I
believe they will provide reliable protection against this problem.
it might be also worth noting that wu-ftpd can be rebuilt with internal
ls code.
regards,
L.
--
Luca Berra -- bluca () comedia it
Communication Media & Services S.r.l.
/"\
\ / ASCII RIBBON CAMPAIGN
X AGAINST HTML MAIL
/ \
 By Date 
By Thread
Current thread:
- Re: WU-FTPD 2.6.2 Freezer Luca Berra (Nov 01)
|
Intro
