CVE-2011-0418

Pure-FTPd < 1.0.32 - Authenticated Denial of Service via Glob Expression Expansion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0418. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in FreeBSD's ftpd by sending a specially crafted STAT command with excessive wildcards, causing CPU resource exhaustion. The issue stems from the glob(3) function in FreeBSD's libc, which fails to enforce GLOB_LIMIT properly.

Description

The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

Exploits (1)

exploitdb WORKING POC

by Maksymilian Arciemowicz · textdosfreebsd

https://www.exploit-db.com/exploits/24450

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service (DoS) vulnerability in FreeBSD's ftpd by sending a specially crafted STAT command with excessive wildcards, causing CPU resource exhaustion. The issue stems from the glob(3) function in FreeBSD's libc, which fails to enforce GLOB_LIMIT properly.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: FreeBSD ftpd (tested on FreeBSD 9.1)

Auth required

Prerequisites: Anonymous FTP access enabled · Network connectivity to the target FTP server

MITRE ATT&CK