Bug 1142

Summary: "Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon)"
Product: Mageia Reporter: Paul Blackburn <paul.blackburn>
Component: Security Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: cjw, dmorganec, misc
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://www.exploit-db.com/exploits/15215/
Whiteboard:
Source RPM: pure-ftpd CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 908    

Description Paul Blackburn 2011-05-05 00:46:06 CEST
Description of problem:
"Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon)"

Version-Release number of selected component (if applicable):

Affects FTPd.
Please read details in http://www.exploit-db.com/exploits/15215/


How reproducible:


Steps to Reproduce:
1.
2.
3.
Ahmad Samir 2011-05-05 01:02:44 CEST

Depends on: (none) => 908

Michael Scherer 2011-05-05 15:40:38 CEST

CC: (none) => misc
Blocks: (none) => 908
Depends on: 908 => (none)

Comment 1 Christiaan Welvaart 2011-05-17 20:40:55 CEST
The referenced report is about BSD ftpd and BSD libc, neither of which is packaged in Mageia AFAIK. Closing as invalid. If you think this is incorrect, reopen this bug *and* provide more information.

Status: NEW => RESOLVED
CC: (none) => cjw
Resolution: (none) => INVALID

Comment 2 Michael Scherer 2011-05-20 02:28:38 CEST
Seems pure-ftpd is affected:
http://www.pureftpd.org/project/pure-ftpd/news
"Support for braces expansion in directory listings has been disabled - Cf. CVE-2011-0418"

Mandriva has updated the package to 1.0.32, see MDVSA-2011:094

Gentoo updated it: http://bugs.gentoo.org/365751

Fedora didn't yet: https://bugzilla.redhat.com/show_bug.cgi?id=704283

Status: RESOLVED => REOPENED
Resolution: INVALID => (none)
Source RPM: (none) => pure-ftpd

Comment 3 D Morgan 2011-05-20 08:39:55 CEST
pure-ftpd is now updated in cauldron.

Status: REOPENED => RESOLVED
CC: (none) => dmorganec
Resolution: (none) => FIXED