Couldn't reproduce on Debian 2.2.... isp-server-03:/# proftpd -v - ProFTPD Version 1.2.0pre10 Remote system type is UNIX. Using binary mode to transfer files. ftp> bin 200 Type set to I. ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* 200 PORT command successful. 550 /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*: Forbidden command argument ftp> quit 221 Goodbye. Regards, MB > -----Original Message----- > From: Michael Faurot [mailto:mfaurotat_private] > Sent: Tuesday, 21 August 2001 5:20 AM > To: bugtraqat_private > Subject: Re: Multiple-Vendor-FTP-Vuln. (old?) > > > Enrico Kern <IphantomIat_private> wrote: > : Hi, > > : i tested an old proftpd bug (ls > /../*/../*/../*/../*/../*/../*/../*) on = > : many new Linux-Dist.. > > This bug appears to still be present with Debian Stable (Potato) which > uses ProFTPd v1.2.0pre10. > > -- > -------------------------------------------------------------- > ---------------- > Michael | mfaurot | Give your child mental blocks for Christmas. > Faurot | atww.org | >
This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 16:03:06 PDT