Vulnerability Development mailing list archives
RE: proftp DoS in debian stable?
From: "Simon Barr" <simon.barr () chelsing co uk>
Date: Wed, 6 Mar 2002 09:31:13 -0000
-----Original Message----- From: Teodor Cimpoesu [mailto:teo () gecadsoftware com] Sent: 05 March 2002 18:53 To: vuln-dev () securityfocus com Subject: Re: proftp DoS in debian stable? Hi Simon! On Tue, 05 Mar 2002, Simon Barr wrote: Wasn't that a known issue at the time of 1.2.0pre following one in wu-ftpd some time ago? I think the simplest fix is to upgrade to a more recent version. -- teodor
As far as apt-get is concerned this is the most recent version, but I suppose there is nothing stopping anyone downloading and installing the latest release. I tried the DenyFilter \*.*/ workaround mentioned at proftpd.linux.co.uk/critbugs.html and it seems fine with this line in the conf file. All you get now is: ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../ 200 PORT command successful. 550 */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../: Forbidden command argument ftp> Simon Barr
Current thread:
- proftp DoS in debian stable? Joe Dollard (Mar 04)
- RE: proftp DoS in debian stable? Simon Barr (Mar 05)
- Re: proftp DoS in debian stable? Teodor Cimpoesu (Mar 05)
- RE: proftp DoS in debian stable? Simon Barr (Mar 06)
- Re: proftp DoS in debian stable? Teodor Cimpoesu (Mar 05)
- Re: proftp DoS in debian stable? Felipe Franciosi (Mar 05)
- Re: proftp DoS in debian stable? Johannes Segitz (Mar 05)
- RE: proftp DoS in debian stable? Simon Barr (Mar 05)