1st Jan 1996 [SBWID-232]
COMMAND
	    wu-ftpd (all versions)
SYSTEMS AFFECTED
	    FreeBSD 2.2.1, BSDI 3.0
PROBLEM
	    Josef Karthauser found the following.  You can severely compromise
	    the FTP server's performance.  This command will create a HUGE
	    directory listing, no matter how many files/directories are in
	    the current directory (this is recursive).
	    Log into a wu-ftpd server (either anonymously or as a user) and
	    issue the command...
	
	        nlist ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/
	        ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/
	        ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/
	        ../*/../*/../*/../*/../*../*../*
	
	    Consequences vary.  On a FreeBSD 2.2 box you'll be able to eat up
	    all memory and swap memory until the kernel spewed "out of swap
	    space" errors and killed a few processes.  It also eats up all
	    available CPU space (up to 99.22% on my box).  If repeated a few
	    times you will no longer use up swap space and the processor usage
	    will rocket and stay there for quite a while (hours).  Since the
	    ftpd program is still processing the command, your ftp session
	    will not idle timeout.  However, if you do decide to kill your
	    attacking ftp session, ftpd will still process the command and
	    therefore the host's resources will take a beating.
SOLUTION
	    Soon...
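
	    One way a server could bound this kind of pattern before it is
	    expanded, as an added example (not wu-ftpd code and not a vendor
	    fix).  The function name and the three limits are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Limits are assumptions chosen for illustration, not wu-ftpd values. */
#define MAX_PATTERN_LEN   256
#define MAX_WILD_SEGMENTS 3   /* components containing * ? or [ */
#define MAX_PARENT_REFS   1   /* ".." components */

/* Return 1 if the path component s[0..n) holds a glob metacharacter. */
static int seg_is_wild(const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (s[i] == '*' || s[i] == '?' || s[i] == '[')
            return 1;
    return 0;
}

/* Hypothetical pre-check for an NLST/LIST argument, run before the
 * pattern reaches the glob expander. Each wildcard component multiplies
 * the match count by the size of the directory it is applied to, so the
 * number of such components is capped. Returns 1 = accept, 0 = refuse. */
int glob_pattern_ok(const char *pat)
{
    int wild = 0, parents = 0;

    if (strlen(pat) > MAX_PATTERN_LEN)
        return 0;
    while (*pat) {
        size_t n = strcspn(pat, "/");          /* length of this component */
        if (n == 2 && pat[0] == '.' && pat[1] == '.')
            parents++;
        else if (seg_is_wild(pat, n))
            wild++;
        if (parents > MAX_PARENT_REFS || wild > MAX_WILD_SEGMENTS)
            return 0;
        pat += n;
        while (*pat == '/')                    /* skip separators */
            pat++;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample arguments. */
    const char *samples[] = { "*.txt", "../README", "pub/*/*.tar", "../*/../*/../*/" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-20s %s\n", samples[i], glob_pattern_ok(samples[i]) ? "accept" : "refuse");
    return 0;
}
```

	    A syntactic cap like this does not replace limits on the memory
	    and CPU time of the ftpd process itself.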
	
