Re: proftpd exploit??

To: debian-security@lists.debian.org
Subject: Re: proftpd exploit??
From: Jamie Heilman <jamie@audible.transient.net>
Date: Thu, 24 May 2001 11:50:49 -0700
Message-id: <20010524115049.D356@audible.transient.net>
In-reply-to: <Pine.LNX.4.33.0105241913410.5419-100000@zk201.girton.cam.ac.uk>; from zk201@cam.ac.uk on Thu, May 24, 2001 at 07:15:45PM +0100
References: <20010524194350.A732@central.casita> <Pine.LNX.4.33.0105241913410.5419-100000@zk201.girton.cam.ac.uk>

Zak Kipling wrote:

> On Thu, 24 May 2001, Andres Herrera wrote:
> 
> > I've tried to exploit it by login and sending:
> > ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../
> > and suddenly it began eating memory and getting slow all the system.
> ...
> > Any solution??
> 
> Resource limits on the ftp server process?

Or a DenyFilter of \*.*/ as is recommended on the proftpd.org web site.
http://www.proftpd.org/critbugs.html

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"...thats the metaphorical equivalent of flopping your wedding tackle 
 into a lion's mouth and flicking his lovespuds with a wet towel, pure 
 insanity..."						-Rimmer

Reply to:

References:
- proftpd exploit??
  - From: Andres Herrera <aherrerm@escomposlinux.org>
- Re: proftpd exploit??
  - From: Zak Kipling <zk201@cam.ac.uk>

Prev by Date: Re: proftpd exploit??
Next by Date: Re: proftpd exploit??
Previous by thread: Re: proftpd exploit??
Next by thread: Re: proftpd exploit??
Index(es):
- Date
- Thread