
Re: proftp DoS in debian stable?



On Wed, Mar 06, 2002 at 09:48:46AM -0500, Noah L. Meyerhans wrote:
> On Wed, Mar 06, 2002 at 10:36:03AM +0100, Francesco P. Lovergine wrote:
> > 
> > potato version is not exploitable (patched with a backported hack many
> > months ago).  See old DSA on www.debian.org.
> > 
> 
> No, it is still vulnerable.  I have confirmed for myself that the fix
> applied in the DSA did not eliminate the DoS.  The only way to be safe
> right now is to add the following to /etc/proftpd.conf:
> <Global>
>   DenyFilter                    \*.*/
> </Global>
> 
> The problem is not likely with proftpd, but with glibc.  I am going to
> begin investigating fixes ASAP.
> 
> noah
> 

glibc has been patched for glob problems too.
There is a not too old thread about the same subject...


-- 
Francesco P. Lovergine
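
Added example, not part of the original message or of ProFTPD: a small audit that reads a proftpd.conf and reports whether the `DenyFilter` workaround quoted above is declared inside `<Global>`, as the thread places it, rather than only in some other context. The sample configs and test commands are constructed, the function names are hypothetical, and `would_deny` assumes the filter behaves as an unanchored regex search on the command text.

```python
import re

WORKAROUND = r"\*.*/"  # pattern quoted in the thread, as written in proftpd.conf

def deny_filters(conf_text):
    """Map each config context to the DenyFilter patterns declared in it.

    Context is "server" for top-level directives, otherwise the enclosing
    section tag lowercased, e.g. "global" or "virtualhost 192.0.2.10".
    """
    stack, found = [], {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"</\s*\w+\s*>", line):        # closing tag: leave context
            if stack:
                stack.pop()
            continue
        opened = re.match(r"<\s*\w[^>]*>", line)   # opening tag: enter context
        if opened:
            stack.append(" ".join(opened.group(0).strip("<>").split()).lower())
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "denyfilter":
            ctx = stack[-1] if stack else "server"
            found.setdefault(ctx, []).append(parts[1].strip())
    return found

def workaround_is_global(conf_text):
    """True only when the thread's DenyFilter sits inside <Global>."""
    return WORKAROUND in deny_filters(conf_text).get("global", [])

def would_deny(pattern, command):
    """Approximate the filter as an unanchored regex search on the command."""
    return re.search(pattern, command) is not None

# Constructed sample configs (not from the thread).
GOOD = 'ServerName "ftp"\n<Global>\n  DenyFilter                    \\*.*/\n</Global>\n'
VHOST_ONLY = 'ServerName "ftp"\n<VirtualHost 192.0.2.10>\n  DenyFilter \\*.*/\n</VirtualHost>\n'

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("VHOST_ONLY", VHOST_ONLY)):
        print(name, workaround_is_global(conf), deny_filters(conf))
```

Under that assumption the pattern rejects any command in which a `*` is followed later by a `/`, so legitimate requests such as a listing of `pub/*/README` are refused as well.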


