An attacker can use the globbing (wildcard) functionality available in some FTP daemons for a remote denial-of-service attack. This attack has been tested against ProFTP and PureFTPD. It has also been reported that some shells have this bug and can be exploited by a local user.
It is recommended that users watch their vendors for updates.
[^] # Re: La sécurité avant tout
Posté par un nain_connu . En réponse à la dépêche nouvelle version de pure-ftpd ( pure-ftpd 1.0.4 ). Évalué à 1.
Euh pureftpd a été touché par la vulnérabilité 'glob'.
sur http://linux.oreillynet.com/pub/a/linux/2001/03/20/insecurities.htm(...)
Glob vulnerabilities
An attacker can use the globbing (wildcard) functionality available in some FTP daemons for a remote denial-of-service attack. This attack has been tested against ProFTP and PureFTPD. It has also been reported that some shells have this bug and can be exploited by a local user.
It is recommended that users watch their vendors for updates.