Remote exploitation of an input validation vulnerability
in version 2.6.2 of WU-FTPD could allow for a denial of
service of the system by resource exhaustion.
The vulnerability specifically exists in the wu_fnmatch()
function in wu_fnmatch.c. When a pattern containing a '*'
character is supplied as input, the function calls itself
recursively on a smaller substring. When the supplied
pattern contains a large number of '*' characters, the
function takes a long time to return its result, and it
consumes a large amount of CPU time while it runs.
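
The cost of that recursion, as an added example (not code
from wu_fnmatch.c or from this advisory): match_recursive is
a simplified stand-in that handles only '*' and '?',
match_iterative is one bounded alternative and not the
vendor's fix, and all names and inputs are constructed.

```c
#include <stdio.h>

static unsigned long calls;   /* invocations of match_recursive() */

/* Simplified stand-in for the recursive style ('*' and '?' only): on '*',
 * retry the rest of the pattern at every remaining offset of the string. */
static int match_recursive(const char *p, const char *s)
{
    calls++;
    for (; *p; p++, s++) {
        if (*p == '*') {
            for (;; s++) {
                if (match_recursive(p + 1, s)) return 1;
                if (*s == '\0') return 0;
            }
        }
        if (*s == '\0' || (*p != '?' && *p != *s)) return 0;
    }
    return *s == '\0';
}

/* Bounded alternative: remember only the most recent '*' and where it was
 * tried, so the work is at most about len(pattern) * len(string) steps. */
static int match_iterative(const char *p, const char *s)
{
    const char *star = NULL, *resume = NULL;
    while (*s) {
        if (*p == '*') { star = p++; resume = s; }
        else if (*p == '?' || *p == *s) { p++; s++; }
        else if (star) { p = star + 1; s = ++resume; }
        else return 0;
    }
    while (*p == '*') p++;
    return *p == '\0';
}

/* Number of recursive calls needed to decide one pattern/string pair. */
static unsigned long recursive_calls(const char *p, const char *s)
{
    calls = 0;
    (void)match_recursive(p, s);
    return calls;
}

int main(void)
{
    const char *name = "aaaaaaaaaaaaaaaaaaaa";         /* constructed: 20 x 'a' */
    const char *pats[] = { "*b", "***b", "******b" };  /* constructed inputs */
    for (int i = 0; i < 3; i++)
        printf("%-8s recursive calls=%lu iterative result=%d\n", pats[i],
               recursive_calls(pats[i], name), match_iterative(pats[i], name));
    return 0;
}
```

For this stand-in, k '*' characters ahead of a tail that
never matches an n-character string cost C(n+k+1, k)
recursive calls, so each extra '*' multiplies the work.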