Bugtraq mailing list archives
Re: Pro/wuFTPD DoS
From: duncan () MULTIMANIA ORG (ga)
Date: Mon, 15 Feb 1999 15:51:44 -0000
This is the bash path overlow (up to 2.0.0) which has been fixed in bash v2.02. See bugtraq archive, http://geek-girl.com/bugtraq/1998_3/0765.html ga ---------- From: Ultor <Ultor () SOWATECH COM PL> To: BUGTRAQ () netspace org Subject: Re: Pro/wuFTPD DoS Date: 13 February 1999 18:18 Hi
yes, kills patched ProFTPD dead. -----snip----- #!/usr/local/bin/perl # ftpd thingy # bubba () bubba org
[CUTED]
-----snip----- Ken Williams jkwilli2 () csc ncsu edu
Hmmm i think that the problem here isn't overflow in ProFTPD.
Here is a proof.
first run attached 'sux' to make directories ...
----- snip -------
# pwd
/mnt/
# ./sux
ok now just cd that directories
# cd A*
[CUTED]
# cd A*
ultor:/mnt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA
# cd A*
Welcome to Linux 2.0.35.
ultor login:
----- snip -------
nice heh :)
Greeetz
-------------------------------------------------------------
"I hack the heads off little girls and put them on my wall"
ULT0R [Ultor () sowatech com pl] - NETWORK SECURITY ADVISER
----------
Current thread:
- Re: Pro/wuFTPD DoS Ultor (Feb 13)
- <Possible follow-ups>
- Re: Pro/wuFTPD DoS ga (Feb 15)
- Re: Pro/wuFTPD DoS CyberPsychotic (Feb 17)
- Re: Pro/wuFTPD DoS CyberPsychotic (Feb 19)
- Re: Pro/wuFTPD DoS Chris Wedgwood (Feb 20)
- Process table attack (from RISKS Digest) Mark Boolootian (Feb 20)
- LSOF exploit c0nd0r (Feb 21)
- Re: Process table attack (from RISKS Digest) Olle Segerdahl,D (Feb 22)
- Re: Process table attack (from RISKS Digest) Jan B. Koum (Feb 22)
- ANNOUNCE: Net::RawIP 0.06 has been released Sergey V. Kolychev (Feb 22)
- Summary: Copyright on Security advisories Aviram Jenik (Feb 22)
- Re: Process table attack (from RISKS Digest) Dug Song (Feb 22)
- Re: Pro/wuFTPD DoS Chris Wedgwood (Feb 20)