Re: DoS in Shells: was Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1

From: Chip McClure (vhm3at_private)
Date: Thu Apr 04 2002 - 09:06:13 PST

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Also tested, and vulnerable on:
    
    FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002
    murrayat_private:/usr/src/sys/compile/GENERIC  i386
    
    Tested using the shells bash, csh, ksh, zsh.
    
    Chip
    
    - -----
    Chip McClure
    Sr. Unix Administrator
    GigGuardian, Inc.
    
    http://www.gigguardian.com/
    - -----
    
    On Wed, 3 Apr 2002 reaktorat_private wrote:
    
    >
    > Hello All,
    >
    > I can confirm that the ls strings DoS Slackware 8.0. It causes the shell process of that user (user or root) to chew up the CPU until the shell terminates on sig 11.
    >
    > Works on any shell the user is using, csh, ksh, bash
    >
    > Tested on:
    > Linux 2.2.19 #93 Thu Jun 21 01:09:03 PDT 2001 i586 unknown
    > SunOS 5.8 Generic_108528-12 sun4u sparc SUNW,Ultra-Enterprise
    >
    > Not Vuln:
    > OpenBSD 3.0 GENERIC#94 i386
    >
    > Needs more investigation.
    >
    > Gilbert
    >
    >
    > At 03:40 PM 3/29/2002, martin f krafft wrote:
    > >   ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
    >
    > ...
    >
    > >   DenyFilter \*.*/
    >
    > Just as a quick question, why not deny the string "/../" (you may have to
    > deny the regex "/\.\./", depending how the filter in question works)?
    >
    > As far as I can tell, it's the ability to embed "/../" into a path that is
    > at the root of this, far more than the ability to embed wildcards.  I can't
    > think of a situation in which "/../" should appear in a user-supplied path,
    > except after a string of repeated "../"s.
    >
    > The workaround suggested by Mr Krafft would disable some useful
    > functionality - one large user of mine, for instance, was keen to have my
    > own software evaluate wildcards in the body of the path, which Mr Krafft's
    > workaround disables completely.  They even paid for the privilege (not
    > enough, but they paid ;-))
    >
    > So, let's see, a regex that would deny "/../", except as part of a string
    > of such...
    >
    > One bash would be "[^/.].*/\.\./" - matching "/../" if it's after any
    > character other than '/' or '.'.  Doubtless someone can come up with
    > something better.
    >
    > Alun.
    > ~~~~
    >
    > --
    > Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
    > 1602 Harvest Moon Place   | http://www.wftpd.com or email alunat_private
    > Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
    > Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGP 6.5.8
    Comment: Made with pgp4pine 1.76
    
    iQA/AwUBPKyICZuKtP8CSC69EQImIACfZE5iDHm4ug5FRhiq6jPqrL1VKrgAoIbU
    y58V4TmV1Du3rS1tas+lYUpu
    =dU2C
    -----END PGP SIGNATURE-----
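The filter idea discussed in the quoted message, as an added example that is not part of the original thread: it runs the quoted pattern `[^/.].*/\.\./` over constructed sample paths and compares it with a per-segment check that allows ".." only as a leading run. The function names are hypothetical, and Python's `re` stands in for whatever regex engine the server's filter actually uses (an assumption).

```python
import re

# Pattern quoted from the message above: "/../" preceded somewhere by a
# character other than '/' or '.'.
QUOTED_FILTER = re.compile(r"[^/.].*/\.\./")

def denied_by_regex(path: str) -> bool:
    """True if the quoted pattern matches anywhere in the path."""
    return QUOTED_FILTER.search(path) is not None

def denied_by_segments(path: str) -> bool:
    """Deny any '..' segment that follows a real name segment.

    A leading run such as '../../pub' is allowed; 'pub/../x' is not.
    Empty segments ('//') and '.' are ignored.
    """
    seen_name = False
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if seen_name:
                return True
        else:
            seen_name = True
    return False

# Constructed sample inputs (not taken from any log).
SAMPLES = [
    "pub/*/readme",       # wildcard in the body of the path: allowed
    "../../pub/*.txt",    # leading run of "../": allowed
    "*/../*/../*",        # short form of the pattern from the thread
    "pub/../etc",         # "/../" after a name
    "pub/..",             # trailing ".." with no slash after it
    ".../../x",           # a directory literally named "..."
]

def compare(samples):
    """Return (path, regex_verdict, segment_verdict) for each sample."""
    return [(p, denied_by_regex(p), denied_by_segments(p)) for p in samples]

if __name__ == "__main__":
    for path, by_regex, by_segments in compare(SAMPLES):
        print(f"{path:20} regex={by_regex!s:5} segments={by_segments}")
```

Both checks keep wildcards in the path body usable, which was the objection to the broader filter; the per-segment check additionally covers a trailing ".." and names made only of dots.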
    



    This archive was generated by hypermail 2b30 : Thu Apr 04 2002 - 10:03:55 PST