DoS Vulnerability in ProFTPD by The ProFTPD Project
CVE-2001-1501

Currently unrated

Key Information:

Vendor: Proftpd Project
Status: Proftpd
Vendor: CVE Published:; 31 December 2001

🔔 Create Proftpd Project Vulnerability Alert

What is CVE-2001-1501?

The glob functionality in ProFTPD versions 1.2.1 and possibly others is susceptible to a denial of service attack. By sending crafted commands with excessive wildcard and special character sequences, an attacker can cause significant CPU and memory consumption. This vulnerability can be demonstrated through the use of commands such as 'ls' with malformed arguments like '/..', '/.', or '../*?/'. This can ultimately disrupt service availability, making it crucial for administrators to address this vulnerability promptly.

References

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRAKE

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio...

vendor-advisoryx_refsource_CONECTIVA

http://online.securityfocus.com/archive/1/169395

mailing-listx_refsource_BUGTRAQ

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Jun 21, 2005
Vulnerability published
Dec 31, 2001

JSON