oss-sec mailing list archives
Re: remote DoS via CPU exhaustion in anon FTP server glob expansion
From: Bob Friesenhahn <bfriesen () simple dallas tx us>
Date: Mon, 24 Apr 2017 17:08:57 -0500 (CDT)
There was no mention of ImageMagick and GraphicsMagick, which have their own built-in glob algorithm.
When a matching file exists, a glob expression which takes massive time with zsh, takes virtually no time with ImageMagick/GraphicsMagick (much better than zsh). However if there is no matching file, then the amount of time required seems unbounded.
Besides being passed as an explicit argument, glob expressions can be passed as multiple lines in a text file preceded with a '@' character like
@filename.txt Any input file name could be a glob expression. Bob -- Bob Friesenhahn bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Current thread:
- remote DoS via CPU exhaustion in anon FTP server glob expansion Russ Cox (Apr 24)
- Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Bob Friesenhahn (Apr 24)
- Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Russ Cox (May 08)
- Re: Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Kurt Seifried (May 08)