CVE-2015-5917

tnftpd - DoS

Title source: llm

Description

The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.

References (6)

[Vendor Advisory] http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

[Vendor Advisory] https://support.apple.com/HT205267

[Exploit] https://www.youtube.com/watch?v=MBK4QYkUm10

[Issue Tracking] https://cxsecurity.com/issue/WLB-2013040082

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/76908

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1033703

Scores

EPSS 0.0161

EPSS Percentile 81.5%

Classification

CWE

CWE-119

Status draft

Affected Products (1)

netbsd/tnftpd

Timeline

Published Oct 09, 2015

Tracked Since Feb 18, 2026