Re: DoS in debian (potato) proftpd

From: martin f krafft (madduckat_private)
Date: Tue Mar 26 2002 - 15:37:59 PST

    thus spoke Joe Dollard <joedat_private> [2002.03.25.2114 +0100]:
    > 	The version of proftp that is in debian potato (1.2.0pre10 as
    > 	reported by running 'proftpd -v ') is vulnerable to a glob DoS
    > 	attack, as discovered on the 15th March 2001. You can verify this
    > 	bug by logging in to a server running debian stable's proftpd and
    > 	type "ls
    > 	*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*".
    > 	This results with 100% of the CPU and memory resources being
    > 	consumed (more info at http://proftpd.linux.co.uk/critbugs.html),
    
    (please fix your line wraps!)
    
    security.debian.org has proftpd_1.2.0pre10-2.0potato1 which does not
    contain this bug, at least not on i386 systems:
    
    fishbowl:~> ncftp lapse.home.madduck.net
    NcFTP 3.1.2 (Jan 28, 2002) by Mike Gleason (ncftpat_private).
    Connecting to 192.168.14.3
    ProFTPD 1.2.0pre10 Server (Debian) [lapse.home.madduck.net]
    Logging in...
    
    Anonymous access granted, restrictions apply.
    Logged in to localhost.
    ncftp / > ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
    lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/.././fw1-4.1-sp3@
    lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../../fw1-4.1-sp3@
    lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../fw1-4.1-sp3@
    lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/.././fw1-4.1-sp4@
    lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../../fw1-4.1-sp4@
    lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../fw1-4.1-sp4@
    lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/.././fw1-4.1-sp5@
    lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../../fw1-4.1-sp5@
    lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../lics/../fw1-4.1-sp5@
    
    <and on for another screen full>
    
    fishbowl:~> ssh lapse 'cat /etc/debian_version; uname -a'
    2.2r5
    Linux lapse 2.2.20 #1 Tue Feb 12 14:22:30 CET 2002 i486
    
    regards,
    
    -- 
    martin;              (greetings from the heart of the sun.)
      \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
     
    "i'm always frank and earnest with women.
     uh, in new york i'm frank, and in chicago i'm ernest."
                                                -- the long kiss goodnight
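
Added example, not part of the original message and not ProFTPD code: a sketch of why the `*/../*` pattern discussed above is expensive, and of one way a server could bound the work. With n subdirectories and k wildcard components the expansion yields n^k paths, so the sketch charges a step per directory entry examined and aborts once a budget is spent. The names `bounded_glob`, `star_dotdot_pattern`, `GlobBudgetExceeded` and the in-memory `TREE` are hypothetical and constructed for illustration; the step budget is an assumed mitigation, not the fix shipped in the Debian package.

```python
import fnmatch

class GlobBudgetExceeded(Exception):
    """Raised when a pattern would cost more work than the caller allows."""

# Constructed sample tree: a dict is a directory, None marks a file.
TREE = {"incoming": {}, "lics": {"fw1-4.1-sp3": None}, "pub": {"README": None}}

def _lookup(tree, parts):
    node = tree
    for name in parts:
        node = node[name]
    return node

def star_dotdot_pattern(k):
    """Build '*/../*/../.../*' with k wildcard components."""
    return "/../".join(["*"] * k)

def bounded_glob(tree, pattern, max_steps=1000):
    """Expand `pattern` one component at a time, charging one step per
    directory entry examined or '..' followed. Returns (matches, steps);
    raises GlobBudgetExceeded as soon as the budget is spent."""
    steps = 0
    candidates = [((), "")]          # (resolved path parts, path as displayed)
    for comp in pattern.split("/"):
        survivors = []
        for parts, shown in candidates:
            node = _lookup(tree, parts)
            if not isinstance(node, dict):
                continue             # a file has no children and no '..'
            names = [".."] if comp == ".." else sorted(node)
            for name in names:
                steps += 1
                if steps > max_steps:
                    raise GlobBudgetExceeded(
                        f"{pattern!r}: more than {max_steps} steps")
                if name == "..":
                    # '..' at the root stays at the root, as in a chroot
                    survivors.append((parts[:-1], shown + "../"))
                elif fnmatch.fnmatchcase(name, comp):
                    survivors.append((parts + (name,), shown + name + "/"))
        candidates = survivors
    return [shown.rstrip("/") for _, shown in candidates], steps
```

With the three directories in the constructed tree, two wildcards give 9 paths and three give 27; the 13-wildcard form would give 3^13 paths and is cut off by the default budget instead.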
    
    
    



    This archive was generated by hypermail 2b30 : Wed Mar 27 2002 - 14:52:10 PST