[原文]ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only allow one non-connected socket bound to the same local address," does not close failed connections, which allows remote attackers to cause a denial of service.
WU-FTPD on Unspecified OS Connection Saturation DoS
Remote / Network Access
Denial of Service
Loss of Availability
WU-FTPD contains a flaw that may allow a remote attacker to cause a Denial of Service condition. The issue occurs when WU-FTPD is compiled on certain unspecified operating systems that limit non-connected socket binds to the same local address. In such a situation, a remote attacker can exhaust the connection resources preventing further legitimate connections.
Currently, there are no known workarounds or upgrades to correct this issue. However, WU-FTPD has released a patch to address this vulnerability.