
Re: proftpd exploit??



On Thu, May 24, 2001 at 07:43:50PM +0200, Andres Herrera wrote:
> Hi!!
> 
> I have Potato in a machine, with 
> 
> ii  proftpd        1.2.0pre10-2.0 Versatile, virtual-hosting FTP daemon
> 
> It's the last version in security.debian.org
> 
> I've tried to exploit it by logging in and sending:
> 
> ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../
> 
> and suddenly it began eating memory and slowing down the whole system.
> 
> When I killed proftpd, system was almost KO.
This is an old and known bug. It's fixed in the CVS tree and the
current unstable Version.
Have a look at the bugtracking System at www.proftpd.org
 
> Any solution??
There are a few PathDeny filters out to check this and other Versions
of this Bug.
The other solution is to upgrade to the very stable unstable version
;-)

Sven

-- 
Subject: Re: woody hanging
> WRT subject.
> $ apt-get install viagra ;-)
[Karsten M. Self in debian-user]
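
Added example, not part of the original message or of ProFTPD: a log check for the kind of listing argument quoted above, where each `*` segment followed by `..` multiplies the number of paths the server has to expand. The log format, the thresholds and the function names are assumptions made for this sketch.

```python
import re

# Assumed policy for this sketch: tune both values for the site.
MAX_WILDCARD_SEGMENTS = 2
LISTING_CMDS = {"LIST", "NLST", "STAT"}  # verbs whose argument may be globbed
GLOB_CHARS = re.compile(r"[*?\[]")
# Constructed log format: <client-ip> <user> "<FTP command>"
LOG_LINE = re.compile(r'^(\S+) (\S+) "([^"]*)"$')

# Constructed sample data (documentation address ranges, invented users).
SAMPLE_LOG = """\
192.0.2.10 alice "LIST -la"
192.0.2.10 alice "NLST *.txt"
198.51.100.7 bob "LIST ../*/../*/../*/../*/"
192.0.2.10 alice "RETR pub/../README"
198.51.100.7 bob "NLST */*/*/*"
"""


def is_suspicious(command):
    """Flag a listing command whose path has too many wildcard segments,
    or mixes a wildcard segment with a '..' segment."""
    verb, _, arg = command.strip().partition(" ")
    if verb.upper() not in LISTING_CMDS:
        return False
    for path in arg.split():
        if path.startswith("-"):  # option token such as "-la"
            continue
        segments = path.split("/")
        wild = sum(1 for s in segments if GLOB_CHARS.search(s))
        if wild > MAX_WILDCARD_SEGMENTS or (wild and ".." in segments):
            return True
    return False


def scan(log_text):
    """Return (line number, user, command) for every flagged log line."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_LINE.match(line)
        if m and is_suspicious(m.group(3)):
            hits.append((lineno, m.group(2), m.group(3)))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The client-side `ls` reaches the server as a LIST or NLST command, which is why the check keys on those verbs.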


