Re: proftpd bug or not?
Gustavo Franco@lists.debian-devel@Wed, 27 Mar 2002 14:00:46 -0300:
> >From -IReturn-Receipt-To:
> List-Post: <mailto:debian-devel@lists.debian.org>
> List-Help: <mailto:debian-devel-request@lists.debian.org?subject=help>
> [...]
>
The new listserver seems to be buggy..
> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
>
> * Applied patch against string format buffer attack.
> [..]
> -- Ivo Timmermans <ivo@debian.org> Sat, 24 Feb 2001 12:42:53 +0100
>
> Is it the fix report to the problem ?
>
AFAIK and IIRC the problem is fixed, but only if you use the proftd.conf
from the package, which contains a deny-regex for URL's like this one.
--
*=-+-______________________
|lintux-@t-lintux-d0t-cx: _ Ugh! Nio2f says something: ______
: http://www.lintux.cx/ | / ... contenttype the lists.debian. \
~~~~~~~~~~~~~~~~~~~~~~-+-=-+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+-=*
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: