[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: proftpd exploit??

On Thu, May 24, 2001 at 07:43:50PM +0200, Andres Herrera wrote:
> Hi!!
> I have Potato in a machine, with 
> ii  proftpd        1.2.0pre10-2.0 Versatile, virtual-hosting FTP daemon
> It's the last version in security.debian.org
> I've tried to exploit it by login and sending:
> ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../
> and suddenly it began eating memory and getting slow all the system.
> When I killed proftpd, system was almost KO.
This is an old an known bug. It's fixed in the CVS tree and the
current unstable Version.
Have a look at the bugtracking System at www.proftpd.org
> Any solution??
There are a few PathDeny filters out to check this and other Versions
of this Bug.
The other solution is to upgrade to the very stable unstable version


Subject: Re: woody hanging
> WRT subject.
> $ apt-get install viagra ;-)
[Karsten M. Self in debian-user]

Reply to: