RE: Multiple-Vendor-FTP-Vuln. (old?)

From: Mike Jakubik (mikejat_private)
Date: Mon Aug 20 2001 - 12:14:55 PDT


    > Hi,
    >
    > I tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on
    > many new Linux distributions. When a user logs in to ftp and types
    > the ls command, in.ftpd takes over 90 percent CPU usage and executes
    > the command 2 or 3x, then the full system hangs. It also works in the
    > console. I wonder that it is not fixed. THIS BUG IS OLD. POSTED ON BUGTRAQ
    > in March 01, but
    > it still works so I post it again.
    >
    > affected:
    >
    > RedHat Linux 7.x
    > Linux Mandrake 8.0
    > SuSE Linux 7.2
    > FreeBSD 4.3
    > AiX V 4.3
    > other?
    
    FreeBSD 4.3 is NOT affected by this; your system code may be out of sync.
    Yes, this is an old globbing bug; almost all ftp daemons have been updated by
    now. Distributions from before the day the bug was announced will of course
    be affected.
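
An added example, not part of the original messages and not code from any FTP daemon: a glob expander that charges one step per directory entry examined and aborts when a budget is exceeded, showing why the quoted pattern is expensive (each `*/..` pair re-lists the same directory, so the work multiplies per pair). The names `bounded_glob`, `GlobBudgetExceeded` and `demo`, the 10,000-step budget and the directory tree are assumptions constructed for illustration.

```python
import fnmatch
import os
import tempfile


class GlobBudgetExceeded(Exception):
    """Raised when a pattern needs more expansion work than allowed."""


def bounded_glob(pattern, root, max_steps=10_000):
    """Expand pattern beneath root; return (matches, steps) or raise on budget."""
    root = os.path.realpath(root)
    segments = [s for s in pattern.split("/") if s]
    current, steps = [root], 0
    for i, seg in enumerate(segments):
        last = i == len(segments) - 1
        nxt = []
        for base in current:
            if seg == "..":
                # ".." at the root stays at the root, as inside a chroot.
                steps += 1
                nxt.append(root if base == root else os.path.dirname(base))
            else:
                for name in sorted(os.listdir(base)):
                    steps += 1
                    if steps > max_steps:
                        raise GlobBudgetExceeded(pattern)
                    path = os.path.join(base, name)
                    # Only directories can be followed by further segments.
                    if fnmatch.fnmatchcase(name, seg) and (last or os.path.isdir(path)):
                        nxt.append(path)
            if steps > max_steps:
                raise GlobBudgetExceeded(pattern)
        current = nxt
    return current, steps


def demo(n_dirs=6, stars=7, max_steps=10_000):
    """Constructed tree of n_dirs directories; returns (small_matches, refused)."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(n_dirs):
            os.mkdir(os.path.join(root, f"d{i}"))
        small, _ = bounded_glob("/../*" * 2, root, max_steps)  # n_dirs**2 results
        try:
            bounded_glob("/../*" * stars, root, max_steps)  # n_dirs**stars results
            return len(small), False
        except GlobBudgetExceeded:
            return len(small), True
```

With six directories, two `/../*` pairs yield 36 results, while seven pairs would need 6^7 = 279,936 and are refused by the budget.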
    


