Vulnerability Development: RE: proftp DoS in debian stable?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

RE: proftp DoS in debian stable?

From: "Simon Barr" <simon.barr () chelsing co uk>
Date: Wed, 6 Mar 2002 09:31:13 -0000

-----Original Message-----
From: Teodor Cimpoesu [mailto:teo () gecadsoftware com]
Sent: 05 March 2002 18:53
To: vuln-dev () securityfocus com
Subject: Re: proftp DoS in debian stable?

Hi Simon!
On Tue, 05 Mar 2002, Simon Barr wrote:

Wasn't that a known issue at the time of 1.2.0pre following one in wu-ftpd
some time ago?
I think the simplest fix is to upgrade to a more recent version.

-- teodor


As far as apt-get is concerned this is the most recent version, but I
suppose there is nothing stopping anyone downloading and installing
the latest release.
I tried the DenyFilter \*.*/ workaround mentioned at
proftpd.linux.co.uk/critbugs.html
and it seems fine with this line in the conf file.  All you get now
is:
ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../
200 PORT command successful.
550 */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../: Forbidden
command argument
ftp>


Simon Barr

By Date By Thread

Current thread:

proftp DoS in debian stable? Joe Dollard (Mar 04)
- RE: proftp DoS in debian stable? Simon Barr (Mar 05)
  - Re: proftp DoS in debian stable? Teodor Cimpoesu (Mar 05)
    - RE: proftp DoS in debian stable? Simon Barr (Mar 06)
- Re: proftp DoS in debian stable? Felipe Franciosi (Mar 05)
- Re: proftp DoS in debian stable? Johannes Segitz (Mar 05)