Results 1 to 4 of 4
Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon) - SecurityReason.com...
- 10-07-2010 #1Linux Engineer
- Join Date
- Jun 2008
- Location
- Acadiana
- Posts
- 855
Security alert, secure your server
- 10-07-2010 #2Trusted Penguin
- Join Date
- Jul 2004
- Location
- Either at home or at work or down the pub
- Posts
- 2,287
I wonder who will be the first to patch...
If we hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate! (Zapp Brannigan)
My new blog. It's probably not as good as I think it is.
- 10-07-2010 #3Trusted Penguin
- Join Date
- Aug 2005
- Location
- Nottingham, England
- Posts
- 3,391
That's a denial of service attack, not a security vulnerability as such. Also it applies particularly to FTP servers, although perhaps it could also apply to systems which have other command line access that use glob to do file searches.
Personally, I don't have ftp services on my servers, and the only other way to go searching files is through an ssh connection which requires keys.
Most people wouldn't be affected by this, I doubt very many others run ftp either.Linux user #126863 - see http://linuxcounter.net/
- 10-07-2010 #4Trusted Penguin
- Join Date
- Jul 2004
- Location
- Either at home or at work or down the pub
- Posts
- 2,287
My Hosting provider uses FTP for uploading / downloading files to their servers. While I would prefer a more secure method, I don't care too much!
If we hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate! (Zapp Brannigan)
My new blog. It's probably not as good as I think it is.
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
