
Bug 463238

Summary: net-ftp/tnftp: GLOB_LIMIT Resource Exhaustion Denial of Service Security Issue (CVE-2010-2632)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: minor
CC: swegener
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://secunia.com/advisories/52727/
Whiteboard: B3 [ebuild+]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-03-25 15:28:19 UTC
From ${URL} :

Description
A security issue has been reported in tnftpd, which can be exploited by malicious users to cause a 
DoS (Denial of Service).

The security issue is caused due to an insufficient GLOB_LIMIT implementation, which can be 
exploited to exhaust memory or cause a high CPU load via specially crafted patterns in commands 
passed to e.g. the ftpd server process.

This is related to:
SA41694

The security issue is reported in version 20100324. Prior versions may also be affected.


Solution
Update to version 20130322.

Original Advisory
http://freecode.com/projects/tnftpd/releases/353302

Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-17 00:36:04 UTC
Ping, need a bump.
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-17 21:44:11 UTC
Wait, hold on. This is for tnftpd, not tnftp. We don't appear to ship tnftpd. Closing INVALID.