
ftpd security fixes?



anyone hear about any security fixes for ftpds that were
found a few weeks ago ? haven't seen any news on 
security.debian.org. 

seems the ftp bugs are much more serious than the ntp
bugs :) (e.g. 100x more people running ftpds than
ntpds ..)

last time i tried to exploit it on my desktop system
memory was consumed at about 15MB per second.

the bug i'm referring to is when u login to an ftpd
(wuftpd excluded, it wasn't affected) and do this:
ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*

you can pretty much kill the system. proftpd has a workaround
and also a patch, but my systems are running the openbsd
ftpd ..which traditionally has seemed to be more secure
than proftpd or wuftpd but it was also affected.

haven't noticed other updates from other linux vendors
so i'm curious .....

thanks for any info ..

nate
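
Added example, not part of the original post and not code from any ftpd: one way a server could screen a glob argument before expanding it, since each wildcard component followed by ".." in a pattern like the one above can multiply the number of candidate paths. The function names, the limit of 4 wildcard components and the fan-out figure are assumptions for illustration; backslash escapes and brace expansion are not handled.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#define MAX_WILD_SEGMENTS 4  /* assumed policy limit, not taken from any ftpd */

struct glob_cost {
    unsigned wild;          /* components containing *, ? or [ */
    int dotdot_after_wild;  /* a ".." component follows a wildcard one */
};
/* Walk the pattern one '/'-separated component at a time. */
static struct glob_cost glob_cost(const char *pat)
{
    struct glob_cost c = {0, 0};
    while (*pat) {
        size_t len = strcspn(pat, "/");
        if (len == 2 && pat[0] == '.' && pat[1] == '.')
            c.dotdot_after_wild |= (c.wild > 0);
        else if (strcspn(pat, "*?[") < len)
            c.wild++;
        pat += len;
        while (*pat == '/') pat++;   /* skip separators, including "//" */
    }
    return c;
}

/* Upper bound on expanded paths if every wildcard component matches
 * `fanout` directories; saturates at ULLONG_MAX instead of overflowing. */
static unsigned long long glob_worst_case(const char *pat, unsigned long long fanout)
{
    unsigned long long n = 1;
    for (unsigned k = glob_cost(pat).wild; k > 0; k--) {
        if (fanout != 0 && n > ULLONG_MAX / fanout)
            return ULLONG_MAX;
        n *= fanout;
    }
    return n;
}

/* Returns 1 if the pattern may be handed to glob(3), 0 to refuse it. */
static int glob_pattern_allowed(const char *pat)
{
    struct glob_cost c = glob_cost(pat);
    return c.wild <= MAX_WILD_SEGMENTS && !c.dotdot_after_wild;
}

int main(void)
{
    const char *p = "*/../*/../*";  /* constructed, shortened sample */
    printf("%s allowed=%d bound=%llu\n", p, glob_pattern_allowed(p), glob_worst_case(p, 10));
    return 0;
}
```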


