Re: proftp DoS in debian stable?
On Wed, Mar 06, 2002 at 09:48:46AM -0500, Noah L. Meyerhans wrote:
> On Wed, Mar 06, 2002 at 10:36:03AM +0100, Francesco P. Lovergine wrote:
> > potato version is not exploitable (patched with a backported hack many
> > months ago). See old DSA on www.debian.org.
> No, it is still vulnerable. I have confirmed for myself that the fix
> applied in the DSA did not eliminate the DoS. The only way to be safe
> right now is to add the following to /etc/proftpd.conf:
>
>     DenyFilter \*.*/
>
> The problem is not likely with proftpd, but with glibc. I am going to
> begin investigating fixes ASAP.
glibc has been patched for glob problems too.
There is a not too old thread about the same subject...
Francesco P. Lovergine
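
Added example, not part of the original messages and not ProFTPD code: a small check that a proftpd.conf actually carries the `DenyFilter \*.*/` workaround quoted above as an active line, and which command arguments that pattern would reject. The config text, sample arguments and function names are constructed for illustration, and Python's `re` stands in for the server's regex engine as an assumption.

```python
import re

# Constructed sample configs (not from the thread): one with the workaround
# active, one where it is present only as a comment.
CONF_WITH_FILTER = r"""
ServerName "ftp.example.org"
DenyFilter \*.*/
"""
CONF_COMMENTED_OUT = r"""
ServerName "ftp.example.org"
# DenyFilter \*.*/
"""

def deny_filters(conf_text):
    """Return the regex argument of every active DenyFilter line."""
    patterns = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment: directive is not in effect
        parts = line.split(None, 1)
        # Assumption: directive names are compared case-insensitively.
        if len(parts) == 2 and parts[0].lower() == "denyfilter":
            patterns.append(parts[1].strip().strip('"'))
    return patterns

def is_rejected(patterns, argument):
    """True if any DenyFilter regex matches the command argument."""
    return any(re.search(p, argument) for p in patterns)

def audit(conf_text, samples):
    """Map each sample to 'rejected'/'allowed'; None if no filter is active."""
    patterns = deny_filters(conf_text)
    if not patterns:
        return None
    return {s: "rejected" if is_rejected(patterns, s) else "allowed"
            for s in samples}

# Constructed arguments: the pattern fires only on '*' followed later by '/'.
SAMPLES = ["readme.txt", "*.txt", "pub/*/docs/", "pub/docs/"]

if __name__ == "__main__":
    print(audit(CONF_WITH_FILTER, SAMPLES))
    print(audit(CONF_COMMENTED_OUT, SAMPLES))
```

A `None` result means no active `DenyFilter` line was found, which is the case to flag on a host that is supposed to carry the workaround.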