Re: proftpd bug or not?

To: debian-devel@lists.debian.org
Subject: Re: proftpd bug or not?
From: Wilmer van der Gaast <lintux@bigfoot.com>
Date: Thu, 28 Mar 2002 08:21:12 GMT
Message-id: <[🔎] slrnaa5kjo.8tg.lintux@roy.gaast.net>
References: <[🔎] 20020327140046.24a09386.stratus@alternex.com.br>

Gustavo Franco@lists.debian-devel@Wed, 27 Mar 2002 14:00:46 -0300:
> >From -IReturn-Receipt-To:
>  List-Post: <mailto:debian-devel@lists.debian.org>
>  List-Help: <mailto:debian-devel-request@lists.debian.org?subject=help>
> [...]
> 
The new listserver seems to be buggy..

>  ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* 
>  
>    * Applied patch against string format buffer attack.
>    [..]
>  -- Ivo Timmermans <ivo@debian.org>  Sat, 24 Feb 2001 12:42:53 +0100
>  
>  Is it the fix report to the problem ?
>  
AFAIK and IIRC the problem is fixed, but only if you use the proftd.conf
from the package, which contains a deny-regex for URL's like this one.

-- 
*=-+-______________________
   |lintux-@t-lintux-d0t-cx:     _ Ugh! Nio2f says something: ______
   : http://www.lintux.cx/ |    / ... contenttype the lists.debian. \
    ~~~~~~~~~~~~~~~~~~~~~~-+-=-+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+-=*


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: proftpd bug or not?
  - From: martin f krafft <madduck@madduck.net>

References:
- proftpd bug or not?
  - From: Gustavo Franco <stratus@alternex.com.br>

Prev by Date: Re: gtk problems with fwbuilder and abiword-gtk
Next by Date: Re: Bug#139945: ITP: prokyon3 -- a multithreaded MP3 manager and tag editor for Linux.
Previous by thread: proftpd bug or not?
Next by thread: Re: proftpd bug or not?
Index(es):
- Date
- Thread