Wu-ftpd Ls -W Memory Exhaustion Network Vulnerability

Summary

The FTP server does not filter arguments to the ls command. It is possible to consume all available memory on the machine by sending ls '-w 1000000 -C' See http://www.guninski.com/binls.html

Solution

Contact your vendor for a fix

Severity

Classification

CVE CVE-2003-0853, CVE-2003-0854

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ArGoSoft FTP Server .NET Directory Traversal Vulnerability
Titan FTP Server Multiple Directory Traversal Vulnerabilities
War FTP Daemon CWD/MKD Buffer Overflow
WS FTP server DoS
SurgeFTP 'surgeftpmgr.cgi' Multiple Cross Site Scripting Vulnerabilities

wu-ftpd ls -W memory exhaustion

Take action and discover your vulnerabilities