Re: DoS in debian (potato) proftpd
From: martin f krafft (madduck@madduck.net)Date: 03/27/02
- Previous message: Florian Weimer: "Re: DebPloit (exploit)"
- In reply to: Joe Dollard: "DoS in debian (potato) proftpd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 27 Mar 2002 00:37:59 +0100 From: martin f krafft <madduck@madduck.net> To: bugtraq@securityfocus.com
also sprach Joe Dollard <joed@devel.livenote.com> [2002.03.25.2114 +0100]:
> The version of proftp that is in debian potato (1.2.0pre10 as
> reported by running 'proftpd -v ') is vulnerable to a glob DoS
> attack, as discovered on the 15th March 2001. You can verify this
> bug by logging in to a server running debian stable's proftpd and
> type "ls
> */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*".
> This results with 100% of the CPU and memory resources being
> consumed (more info at http://proftpd.linux.co.uk/critbugs.html),
(please fix your line wraps!)
security.debian.org has proftpd_1.2.0pre10-2.0potato1 which does not
contain this bug, at least not on i386 systems:
fishbowl:~> ncftp lapse.home.madduck.net
NcFTP 3.1.2 (Jan 28, 2002) by Mike Gleason (ncftp@ncftp.com).
Connecting to 192.168.14.3
ProFTPD 1.2.0pre10 Server (Debian) [lapse.home.madduck.net]
Logging in...
Anonymous access granted, restrictions apply.
Logged in to localhost.
ncftp / > ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/.././fw1-4.1-sp3@
lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../../fw1-4.1-sp3@
lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../fw1-4.1-sp3@
lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/.././fw1-4.1-sp4@
lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../../fw1-4.1-sp4@
lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../fw1-4.1-sp4@
lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/.././fw1-4.1-sp5@
lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../../fw1-4.1-sp5@
lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../fw1-4.1-sp5@
<and on for another screen full>
fishbowl:~> ssh lapse 'cat /etc/debian_version; uname -a'
2.2r5
Linux lapse 2.2.20 #1 Tue Feb 12 14:22:30 CET 2002 i486
regards,
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
"i'm always frank and earnest with women.
uh, in new york i'm frank, and in chicago i'm ernest."
-- the long kiss goodnight
- application/pgp-signature attachment: stored
- Previous message: Florian Weimer: "Re: DebPloit (exploit)"
- In reply to: Joe Dollard: "DoS in debian (potato) proftpd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
