Re: FTP/security
There is a fix (about one year old :) for this situation: a special
construction in the ProFTPd configuration:
DenyFilter \*.*/
(Note from http://www.proftpd.org/critbugs.html :
A fixed version of GNU glob is used in ProFTPD 1.2.2rc1 and later.)
So there is no reason either change a software or contact maintainer because
he/they knows about this :)
--- Alexei Khlebnikov <khlebnikov@scnsoft.com> wrote:
> Roman Kovalenko wrote:
>
> > òÅÛÉÌ ×ÏÔ ÐÒÏÔÅÓÔÉÒÏ×ÁÔØ ÎÏ×ÙÊ ÓÅÒ×ÅÒ. úÁÐÕÓÔÉÌ Ó ÓÏÓÅÄÎÅÇÏ ËÏÍÐØÀÔÅÒÁ
> > DÏS-ÁÔÁËÕ (ls
> */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*) ÎÁ FTP
> (ProFTPD
> > 1.2.0pre10 ÉÚ 2.2r3). ðÒÏÃÅÓÓ ÔÕÔ ÖÅ ÏÔßÅÌ ×ÓÀ ÐÁÍÑÔØ ×ÍÅÓÔÅ ÓÏ Ó×ÏÐÏÍ :-(
> ÷Ó×ÑÚÉ Ó
> > ÜÔÉÍ ×ÏÐÒÏÓ:
> > þÔÏ ÍÏÖÎÏ ÐÏÓÔÁ×ÉÔØ ×ÍÅÓÔÏ ÜÔÏÇÏ ftp, ÞÔÏ ÎÅ ÐÏÄÏÂÎÏÇÏ ÂÏÌÅÅ ÎÅ
> ÐÏ×ÔÏÒÑÌÏÓØ?
>
> é Ñ ÂÙ ÅÝÅ ÎÁ Ô×ÏÅÍ ÍÅÓÔÅ ÎÁÐÉÓÁÌ ÍÜÊÎÔÅÊÎÅÒÕ ÐÁËÅÔÁ ProFTPD Ï ÜÔÏÍ.
>
__________________________________________________
Do You Yahoo!?
Find a job, post your resume.
http://careers.yahoo.com
Reply to: