Re: proftpd exploit??
- To: debian-security@lists.debian.org
- Subject: Re: proftpd exploit??
- From: Sven Hoexter <sven@telelev.net>
- Date: Thu, 24 May 2001 20:33:58 +0200
- Message-id: <20010524203358.A4068@sven.hoexterdom>
- Mail-followup-to: debian-security@lists.debian.org
- In-reply-to: <20010524194350.A732@central.casita>; from aherrerm@escomposlinux.org on Thu, May 24, 2001 at 07:43:50PM +0200
- References: <20010524194350.A732@central.casita>
On Thu, May 24, 2001 at 07:43:50PM +0200, Andres Herrera wrote:
> Hi!!
>
> I have Potato in a machine, with
>
> ii proftpd 1.2.0pre10-2.0 Versatile, virtual-hosting FTP daemon
>
> It's the last version in security.debian.org
>
> I've tried to exploit it by login and sending:
>
> ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../
>
> and suddenly it began eating memory and getting slow all the system.
>
> When I killed proftpd, system was almost KO.
This is an old and known bug. It's fixed in the CVS tree and the
current unstable version.
Have a look at the bug-tracking system at www.proftpd.org
> Any solution??
There are a few PathDeny filters out to check this and other versions
of this bug.
The other solution is to upgrade to the very stable unstable version
;-)
Sven
--
Subject: Re: woody hanging
> WRT subject.
> $ apt-get install viagra ;-)
[Karsten M. Self in debian-user]
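
Added example, not part of the original message and not ProFTPD's own code: a pre-filter in the spirit of the deny filters mentioned in the reply, rejecting FTP listing commands whose argument would force expensive glob expansion. The function names, the command list and the threshold are assumptions chosen for illustration, and the sample commands are constructed.

```python
import re

# Assumption: more than this many wildcard path segments is treated as abusive.
MAX_WILDCARD_SEGMENTS = 2
GLOB_CHARS = re.compile(r"[*?\[\]{}]")
# Assumption: commands whose argument the server may expand as a glob.
GLOBBING_COMMANDS = {"LIST", "NLST", "STAT"}


def wildcard_segments(path):
    """Count path segments containing at least one glob metacharacter."""
    return sum(1 for seg in path.split("/") if GLOB_CHARS.search(seg))


def amplifying_pairs(path):
    """Count wildcard segments immediately followed by '..'.

    Each such pair makes the server expand every directory entry and then
    step back up, so repeating it multiplies the work per level.
    """
    segs = [s for s in path.split("/") if s]
    return sum(1 for a, b in zip(segs, segs[1:])
               if GLOB_CHARS.search(a) and b == "..")


def should_deny(command_line):
    """Return True if the FTP command line should be refused before globbing."""
    verb, _, arg = command_line.strip().partition(" ")
    if verb.upper() not in GLOBBING_COMMANDS:
        return False
    # LIST may carry ls-style options such as "-la" before the path.
    paths = [p for p in arg.split() if not p.startswith("-")]
    return any(wildcard_segments(p) > MAX_WILDCARD_SEGMENTS
               or amplifying_pairs(p) > 0
               for p in paths)


if __name__ == "__main__":
    # Constructed sample commands; the first carries the argument from the post.
    samples = [
        "LIST ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../",
        "LIST -la",
        "NLST ../*.tar.gz",
        "LIST */*/*/*",
    ]
    for line in samples:
        print("DENY " if should_deny(line) else "ALLOW", line)
```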