wu_ftpd recursive nlist DOS
|Description:||An attacker can long into a wu_ftpd server and do a recursive nlist that hogs a tremendous amount of system resources|
|Author:||Josef Karthauser <firstname.lastname@example.org>|
|Vulnerable Systems:||Those running wu_ftpd, most Linux and *BSD systems run this |
|Date:||9 September 1997 |
Date: Tue, 9 Sep 1997 09:45:43 -0500
From: Aleph One <email@example.com>
Subject: FTP compromise.
---------- Forwarded message ----------
Date: Tue, 9 Sep 1997 14:43:46 +0100
From: Josef Karthauser <firstname.lastname@example.org>
Subject: FTP compromise.
I found this today. Any comments?
BUG: wu_ftpd (all versions)
TESTED: BSDI 3.0 (all patches), FreeBSD 2.2.1
DATE: 15th Aug 1997
REPEAT BY: Log into a wu_ftp server (either anonymously or as a user)
and issue the command...
DESCRIPTION: You can severly compromise the ftp servers performance.
This command will create a HUGE directory listing, no
matter how many files/directories are in the current
directory (this is recursive).
CONSEQUENCES: These vary. On my FreeBSD 2.2 box I was able to eat up
all memory and swap memory until the kernel spewed
"out of swap space" errors and killed a few processes.
It also eats up all available CPU space (up to 99.22%
on my box). If repeated a few times you will no
longer use up swap space and the processor usage will
rocket and stay there for quite a while (hours). Since
the ftpd program is still processing the command your
ftp session will not idle timeout. However, if you
do decide to kill your attacking ftp session, ftpd
will still process teh command and therefore, the hosts
resources will take a beating.
Basically, it looks like any user can severely drain
your systems resources - a kind of Denial of Service
attack. I was able to use up all remaining processor
time for two hours (would have gone on for much longer
only I got bored and kill it).
CONTACT: You can email me at email@example.com if you
want to discuss this problem further (or let me know
if it works on any other ftpd).
Technical Manager Email: firstname.lastname@example.org
Pavilion Internet plc. [Tel: +44 1273 607072 Fax: +44 1273 607073]
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:
[ Nmap |
Sec Tools |
Mailing Lists |
Site News |