> -----Original Message-----
> From: Joe Dollard [mailto:joedat_private]
> Sent: 28 February 2002 23:20
> To: vuln-devat_private
> Subject: proftp DoS in debian stable?
>
>
> My system is running debian stable with all patches installed (via apt-get
> from security.debian.org). My proftp daemon (as installed from the debian
> deb's - 1.2.0pre10-2.0) still seems vulnerable to the glob DoS attack, as
> discovered on the 15th March 2001. i.e. typing
> `ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*` results
> in 100% of the CPU and memory resources being consumed.
> (more info at http://proftpd.linux.co.uk/critbugs.html). No fix or
> workaround seems to be in place in the debian stable deb's.
>
> Can anyone confirm the same behaviour on their system?
>

I can confirm this on a Debian potato box I have here. This box is also up to
date via apt-get as of this morning.

Simon Barr
Systems Engineer
Chelsing Assemblies Ltd
Tel: 01992 554-566
Fax: 01992 553-644
E-mail: simon.barrat_private
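The following is an added example, not part of the original messages and not ProFTPD code: a small log check that flags FTP listing commands whose argument has the shape quoted above (many wildcard segments interleaved with `..`). The log line format, the thresholds and the function names are assumptions made for illustration.

```python
import re

# Assumed thresholds for illustration; tune them for the real environment.
MAX_WILDCARD_SEGMENTS = 3
MAX_PARENT_SEGMENTS = 2
GLOB_COMMANDS = {"LIST", "NLST"}  # what a client's `ls` is sent as

# Hypothetical log format: <client-ip> "<COMMAND> <argument>"
LINE_RE = re.compile(r'^(?P<client>\S+) "(?P<cmd>[A-Za-z]+)(?: (?P<arg>[^"]*))?"$')


def glob_cost(arg):
    """Count path segments containing wildcards and segments equal to '..'."""
    segments = [s for s in arg.split("/") if s]
    wild = sum(1 for s in segments if any(c in s for c in "*?["))
    parents = sum(1 for s in segments if s == "..")
    return wild, parents


def is_suspicious(arg):
    """True when the argument mixes many wildcard and '..' segments."""
    wild, parents = glob_cost(arg)
    return wild > MAX_WILDCARD_SEGMENTS and parents > MAX_PARENT_SEGMENTS


def scan(lines):
    """Return (client, command, wildcard_count) for each flagged log line."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("cmd").upper() not in GLOB_COMMANDS:
            continue
        arg = m.group("arg") or ""
        if is_suspicious(arg):
            hits.append((m.group("client"), m.group("cmd").upper(), glob_cost(arg)[0]))
    return hits


# Constructed sample input (documentation addresses, not real traffic).
REPORTED_SHAPE = "/../".join(["*"] * 13)  # same shape as the quoted command
SAMPLE_LOG = [
    '192.0.2.10 "LIST *.txt"',
    '192.0.2.10 "NLST pub/*/README"',
    f'198.51.100.7 "LIST {REPORTED_SHAPE}"',
    '198.51.100.7 "RETR */../*/../*/../*/../*"',
]

if __name__ == "__main__":
    for client, cmd, wild in scan(SAMPLE_LOG):
        print(f"{client} sent {cmd} with {wild} wildcard segments")
```
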
This archive was generated by hypermail 2b30 : Tue Mar 05 2002 - 10:08:38 PST