Denial of Service Vulnerability in tnftpd Used in Apple OS X
CVE-2015-5917

Currently unrated

Key Information:

Vendor: Netbsd
Status: Tnftpd
Vendor: CVE Published:; 9 October 2015

What is CVE-2015-5917?

A vulnerability in the glob implementation of tnftpd, utilized in Apple OS X prior to version 10.11, enables remote attackers to execute denial of service attacks. By sending a specially crafted STAT command containing specific patterns, such as multiple instances of the {..,..,..}/* substring, attackers can deplete system memory and disrupt the daemon's operations, leading to a complete service outage.

References

http://www.securitytracker.com/id/1033703

vdb-entryx_refsource_SECTRACK

https://www.youtube.com/watch?v=MBK4QYkUm10

x_refsource_MISC

https://cxsecurity.com/issue/WLB-2013040082

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2015
Vulnerability Reserved
Aug 6, 2015

CVE-2015-5917 Data

JSON

Netbsd

What is CVE-2015-5917?

References

Timeline