Hi, After some noise in bugtraq and vuln-dev(reported by: Martin Krafft to -security).I've one question. The problem is about glob DoS, something like type: ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* See this quote from changelog: proftpd (1.2.0pre10-2.0potato1) stable; urgency=high * Non-Maintainer upload. * Applied patch against string format buffer attack. [..] -- Ivo Timmermans <ivo@debian.org> Sat, 24 Feb 2001 12:42:53 +0100 Is it the fix report to the problem ? thanks, -- _ __|_ _. _ _|_.__.._ _ _ (_||_|_> |_(_|\/(_) | |(_|| |(_(_) stratus@ax.net.br _|nupg id: 0x37155778 gustavo@dsgx.org Alternex S/A - www.alternex.com.br -- Rio de Janeiro/Brazil gnupg id: 0x37155778 (fetch from keyserver: wwwkeys.eu.pgp.net) Key fingerprint = 1908 52B9 4A16 6EC2 74D1 C03B EDFB 7005 3715 5778 p.s: I can't reproduce this bug running proftpd 1.2.0pre10-2.0potato1 !
Attachment:
pgpHH66BUjr_D.pgp
Description: PGP signature