Summary
The FTP server does not filter arguments to the ls command. It is possible to consume all available memory on the machine by sending
ls '-w 1000000 -C'
See http://www.guninski.com/binls.html
Solution
Contact your vendor for a fix
Severity
Classification
-
CVE CVE-2003-0853, CVE-2003-0854 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Telnet-FTP Server 'RETR' Command Remote Denial of Service Vulnerability
- pyftpd Multiple Vulnerabilities
- Ricoh DC Software DL-10 FTP Server 'USER' Command Buffer Overflow Vulnerability
- QuickShare File Share FTP Server Directory Traversal Vulnerability
- Home FTP Server Multiple Directory Traversal Vulnerabilities