> -----Original Message----- > From: Teodor Cimpoesu [mailto:teoat_private] > Sent: 05 March 2002 18:53 > To: vuln-devat_private > Subject: Re: proftp DoS in debian stable? > > > Hi Simon! > On Tue, 05 Mar 2002, Simon Barr wrote: > > Wasn't that a known issue at the time of 1.2.0pre following one in wu-ftpd > some time ago? > I think the simplest fix is to upgrade to a more recent version. > > -- teodor As far as apt-get is concerned this is the most recent version, but I suppose there is nothing stopping anyone downloading and installing the latest release. I tried the DenyFilter \*.*/ workaround mentioned at proftpd.linux.co.uk/critbugs.html and it seems fine with this line in the conf file. All you get now is: ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../ 200 PORT command successful. 550 */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../: Forbidden command argument ftp> Simon Barr
This archive was generated by hypermail 2b30 : Wed Mar 06 2002 - 09:28:19 PST