Re: proftpd exploit??
On Thu, May 24, 2001 at 07:43:50PM +0200, Andres Herrera wrote:
> I have Potato in a machine, with
> ii proftpd 1.2.0pre10-2.0 Versatile, virtual-hosting FTP daemon
> It's the last version in security.debian.org
> I've tried to exploit it by login and sending:
> ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../
> and suddenly it began eating memory and getting slow all the system.
> When I killed proftpd, system was almost KO.
This is an old an known bug. It's fixed in the CVS tree and the
current unstable Version.
Have a look at the bugtracking System at www.proftpd.org
> Any solution??
There are a few PathDeny filters out to check this and other Versions
of this Bug.
The other solution is to upgrade to the very stable unstable version
Subject: Re: woody hanging
> WRT subject.
> $ apt-get install viagra ;-)
[Karsten M. Self in debian-user]