Re: proftpd exploit??
- To: firstname.lastname@example.org
- Subject: Re: proftpd exploit??
- From: Sven Hoexter <email@example.com>
- Date: Thu, 24 May 2001 20:33:58 +0200
- Message-id: <20010524203358.A4068@sven.hoexterdom>
- Mail-followup-to: firstname.lastname@example.org
- In-reply-to: <20010524194350.A732@central.casita>; from email@example.com on Thu, May 24, 2001 at 07:43:50PM +0200
- References: <20010524194350.A732@central.casita>
On Thu, May 24, 2001 at 07:43:50PM +0200, Andres Herrera wrote:
> I have Potato on a machine, with
> ii proftpd 1.2.0pre10-2.0 Versatile, virtual-hosting FTP daemon
> It's the last version in security.debian.org
> I've tried to exploit it by logging in and sending:
> ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../
> and suddenly it began eating memory and slowing down the whole system.
> When I killed proftpd, the system was almost KO.
This is an old and known bug. It's fixed in the CVS tree and the
current unstable Version.
Have a look at the bugtracking System at www.proftpd.org
> Any solution??
There are a few PathDeny filters out to check this and other Versions
of this Bug.
The other solution is to upgrade to the very stable unstable version
Subject: Re: woody hanging
> WRT subject.
> $ apt-get install viagra ;-)
[Karsten M. Self in debian-user]
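
An added example, not part of the original message and not ProFTPD code: a log check in the spirit of the filters mentioned in the reply, flagging listing commands whose argument repeats wildcard and `..` segments like the one quoted above. The log line format, the set of commands and the thresholds are assumptions made for the example.

```python
import re

# Commands whose argument the server may glob-expand (assumed set for this example).
GLOB_COMMANDS = {"LIST", "NLST", "STAT"}
WILDCARD = re.compile(r"[*?\[]")

def wildcard_segments(path):
    """Count path segments that contain a glob metacharacter."""
    return sum(1 for seg in path.split("/") if seg and WILDCARD.search(seg))

def is_suspicious(command, arg, max_wild=2):
    """Flag arguments whose glob expansion can multiply across directories."""
    if command.upper() not in GLOB_COMMANDS:
        return False
    segs = [s for s in arg.split("/") if s]
    wild = wildcard_segments(arg)
    # A wildcard segment followed by ".." makes the server expand the same level again.
    reexpand = sum(1 for a, b in zip(segs, segs[1:])
                   if WILDCARD.search(a) and b == "..")
    return wild > max_wild or reexpand >= 2

def scan(lines, max_wild=2):
    """Return (client, command, arg) for each flagged line.

    Line format is constructed for this example: '<client> <COMMAND> <argument>'.
    """
    hits = []
    for line in lines:
        parts = line.strip().split(None, 2)
        if len(parts) < 3:
            continue
        client, command, arg = parts
        if is_suspicious(command, arg, max_wild):
            hits.append((client, command.upper(), arg))
    return hits

# Constructed sample lines (documentation address ranges, shortened argument).
SAMPLE = [
    "192.0.2.10 LIST /pub/*.tar.gz",
    "192.0.2.10 RETR /pub/file.tar.gz",
    "198.51.100.7 NLST ../*/../*/../*/../*/../",
    "192.0.2.11 LIST /home/*/public/*",
    "198.51.100.7 STOR ../*/../*/x",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```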