COMMAND

    wu-ftpd (all versions)

SYSTEMS AFFECTED

    FreeBSD 2.2.1, BSDI 3.0

PROBLEM

    Josef Karthauser found following.  You can severly compromise  the
    ftp  servers  performance.   This  command  will  create  a   HUGE
    directory listing,  no matter  how many  files/directories are  in
    the current directory (this is recursive).

    Log into  a wu_ftp  server (either  anonymously or  as a user) and
    issue the command...

        nlist ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/
        ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/
        ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/
        ../*/../*/../*/../*/../*../*../*

    Consequences vary.  On  FreeBSD 2.2 box you'll  be able to eat  up
    all memory and  swap memory until  the kernel spewed  "out of swap
    space" errors and  killed a few  processes.  It  also eats up  all
    available CPU space (up to 99.22%  on my box).  If repeated  a few
    times you will no longer use up swap space and the processor usage
    will rocket and stay there for  quite a while (hours).  Since  the
    ftpd  program  is  still  processing  the command your ftp session
    will not idle  timeout.  However,  if you do  decide to kill  your
    attacking ftp  session, ftpd  will still  process teh  command and
    therefore, the hosts resources will take a beating.

SOLUTION

    Soon...