Vulnerability Development mailing list archives
RE: proftp DoS in debian stable?
From: "Simon Barr" <simon.barr () chelsing co uk>
Date: Tue, 5 Mar 2002 09:08:35 -0000
-----Original Message-----
From: Joe Dollard [mailto:joed () devel livenote com]
Sent: 28 February 2002 23:20
To: vuln-dev () securityfocus com
Subject: proftp DoS in debian stable?

My system is running Debian stable with all patches installed (via apt-get from security.debian.org). My proftp daemon (as installed from the Debian debs - 1.2.0pre10-2.0) still seems vulnerable to the glob DoS attack, as discovered on the 15th March 2001, i.e. typing `ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*` results in 100% of the CPU and memory resources being consumed (more info at http://proftpd.linux.co.uk/critbugs.html). No fix or workaround seems to be in place in the Debian stable debs.

Can anyone confirm the same behaviour on their system?

I can confirm this on a Debian potato box I have here. This box is also up to date via apt-get as of this morning.

Simon Barr
Systems Engineer
Chelsing Assemblies Ltd
Tel: 01992 554-566
Fax: 01992 553-644
E-mail: simon.barr () chelsing co uk
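
The resource exhaustion reported in this thread comes from how a pattern of the form `*/../*/../*` multiplies: each `*` fans out to every directory entry and each `..` returns to the parent, so a directory with d subdirectories yields d^k paths for k stars. The sketch below is an added example, not part of the original posts and not ProFTPD code; `bounded_glob`, `GlobLimitExceeded`, `nested_pattern`, `make_tree` and the 1000-path budget are hypothetical names and values chosen to show a per-request expansion limit on the server side.

```python
import fnmatch
import os
import tempfile


class GlobLimitExceeded(Exception):
    """Raised when a pattern expands past the configured budget."""


def bounded_glob(root, pattern, max_paths=1000):
    """Expand pattern under root one path segment at a time and abort
    as soon as the working set grows beyond max_paths."""
    current = [root]
    for segment in pattern.split("/"):
        expanded = []
        for base in current:
            if segment in ("", ".", ".."):
                names = [segment or "."]
            elif os.path.isdir(base):
                names = [n for n in sorted(os.listdir(base))
                         if fnmatch.fnmatchcase(n, segment)]
            else:
                continue  # a plain file cannot have children
            for name in names:
                path = os.path.join(base, name)
                if os.path.lexists(path):
                    expanded.append(path)
                    if len(expanded) > max_paths:
                        raise GlobLimitExceeded(
                            f"{pattern!r} exceeded {max_paths} paths")
        current = expanded
    return current


def nested_pattern(stars):
    """Build '*/../*/../.../*' containing the given number of '*' segments."""
    return "/".join(["*", ".."] * (stars - 1) + ["*"])


def make_tree(width):
    """Constructed sample input: a temp directory with `width` empty subdirs."""
    root = tempfile.mkdtemp()
    for i in range(width):
        os.mkdir(os.path.join(root, f"d{i}"))
    return root


if __name__ == "__main__":
    root = make_tree(3)
    print(len(bounded_glob(root, nested_pattern(4))))  # 3**4 paths
    try:
        bounded_glob(root, nested_pattern(13))
    except GlobLimitExceeded as exc:
        print("rejected:", exc)
```
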