Hi Simon!
On Tue, 05 Mar 2002, Simon Barr wrote:
> > -----Original Message-----
> > From: Joe Dollard [mailto:joed_at_devel.livenote.com]
> > Sent: 28 February 2002 23:20
> > To: vuln-dev_at_securityfocus.com
> > Subject: proftp DoS in debian stable?
> >
> >
> > My system is running debian stable with all patches installed (via apt-get
> > from security.debian.org). My proftp daemon (as installed from the debian
> > deb's - 1.2.0pre10-2.0) still seems vulnerable to the glob DoS attack, as
> > discovered on the 15th March 2001. i.e. typing
> > `ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*` results
> > in 100% of the CPU and memory resources are consumed.
> > (more info at http://proftpd.linux.co.uk/critbugs.html). No fix or work
> > around seems in place in the debian stable deb's.
> >
> > Can anyone confirm the same behaviour on their system?
> >
>
> I can confirm this on a Debian potato box I have here. This box is also
> up to date via apt-get as of this morning.
>
Wasn't that a known issue at the time of 1.2.0pre following one in wu-ftpd
some time ago?
I think the simplest fix is to upgrade to a more recent version.
-- teodor
Received on Mar 05 2002
Intro
