oss-sec mailing list archives

Re: CVE request: pure-ftpd denial of service in glob_()


From: cve-assign () mitre org
Date: Thu, 18 Jun 2015 13:03:01 -0400 (EDT)


Version 1.0.40 of pure-FTPd

NEWS file:

 - The process handling a user session could be crashed by trying to
 match a file pattern longer than the maximum length for a path. This
 has been fixed.

https://github.com/jedisct1/pure-ftpd/commit/0627004e23a24108785dc1506c5767392b90f807

Can you clarify the security impact? We have not looked into the code
paths or the overall product design. Is this a process that is
specific to one FTP client? Is the problem that the gl_errfunc
assignment doesn't occur and there is always a dereference of a NULL
function pointer? Is there a commonly relevant consequence other than
the ability of an FTP client to conduct a DoS attack against its own
session?

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

