[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

proftpd bug or not?



Hi,

After some noise in bugtraq and vuln-dev(reported by: Martin Krafft to
-security).I've one question.

The problem is about glob DoS, something like type:
ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* 

See this quote from changelog:

proftpd (1.2.0pre10-2.0potato1) stable; urgency=high

  * Non-Maintainer upload.
  * Applied patch against string format buffer attack.
  [..]
-- Ivo Timmermans <ivo@debian.org>  Sat, 24 Feb 2001 12:42:53 +0100

Is it the fix report to the problem ?

thanks,
--                                
 _     __|_ _.   _  _|_.__.._  _ _ 
(_||_|_> |_(_|\/(_)  | |(_|| |(_(_)                stratus@ax.net.br
 _|nupg id: 0x37155778                              gustavo@dsgx.org

   Alternex S/A - www.alternex.com.br --  Rio de Janeiro/Brazil

 gnupg id: 0x37155778 (fetch from keyserver: wwwkeys.eu.pgp.net)
Key fingerprint = 1908 52B9 4A16 6EC2 74D1  C03B EDFB 7005 3715 5778

p.s: I can't reproduce this bug running proftpd 1.2.0pre10-2.0potato1 !

Attachment: pgpT9C7nTDYXM.pgp
Description: PGP signature


Reply to: