Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: proftp DoS in debian stable?

proftp DoS in debian stable?

From: Joe Dollard <joed_at_devel.livenote.com>
Date: Fri, 1 Mar 2002 10:19:51 +1100

My system is running debian stable with all patches installed (via apt-get
from security.debian.org). My proftp daemon (as installed from the debian
deb's - 1.2.0pre10-2.0) still seems vulnerable to the glob DoS attack, as
discovered on the 15th March 2001. i.e. typing
`ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*` results
in 100% of the CPU and memory resources are consumed.
 (more info at http://proftpd.linux.co.uk/critbugs.html). No fix or work
around seems in place in the debian stable deb's.

Can anyone confirm the same behaviour on their system?

I contacted security_at_debian.org about this on the 12th February, a
discussion was entered but no resolution occurred. Contacted
security_at_debian.org again on the 21st of February and haven't received a
response.

Regards,
Joe Dollard
Received on Mar 05 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]