Vulnerability Development mailing list archives
proftp DoS in debian stable?
From: "Joe Dollard" <joed () devel livenote com>
Date: Fri, 1 Mar 2002 10:19:51 +1100
My system is running Debian stable with all patches installed (via apt-get from security.debian.org). My proftp daemon (as installed from the Debian deb's - 1.2.0pre10-2.0) still seems vulnerable to the glob DoS attack, as discovered on the 15th March 2001.

I.e. typing `ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*` results in 100% of the CPU and memory resources being consumed (more info at http://proftpd.linux.co.uk/critbugs.html).

No fix or workaround seems to be in place in the Debian stable deb's. Can anyone confirm the same behaviour on their system?

I contacted security () debian org about this on the 12th February; a discussion was entered but no resolution occurred. Contacted security () debian org again on the 21st of February and haven't received a response.

Regards,
Joe Dollard
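Added example (not part of the original post, and not ProFTPD's or Debian's code): each `*/..` pair in the argument above returns to the same directory once per subdirectory, so the glob work multiplies with every pair. A server-side pre-check can refuse such arguments before they reach glob(); the function name and the limit of 3 below are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical policy limit (an assumption, not a ProFTPD setting). */
#define MAX_WILD_COMPONENTS 3

/* Return 1 if the path component s[0..len) holds an unescaped glob metacharacter. */
static int has_wildcard(const char *s, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (s[i] == '\\' && i + 1 < len) { i++; continue; } /* skip escaped char */
        if (s[i] == '*' || s[i] == '?' || s[i] == '[' || s[i] == '{')
            return 1;
    }
    return 0;
}

/*
 * Return 1 if a listing argument should be refused before globbing:
 *  - a ".." component appears after a wildcard component (the parent
 *    directory is then re-expanded once per match), or
 *  - more than MAX_WILD_COMPONENTS components contain wildcards.
 */
int glob_arg_rejected(const char *arg)
{
    int wild = 0;
    const char *p = arg;

    while (*p) {
        size_t len = strcspn(p, "/");          /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.' && wild > 0)
            return 1;
        if (has_wildcard(p, len) && ++wild > MAX_WILD_COMPONENTS)
            return 1;
        p += len;
        while (*p == '/')                      /* skip separator(s) */
            p++;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample arguments; the first is a shortened form of the one in the post. */
    const char *samples[] = { "*/../*/../*", "pub/*/README", "*.txt", "*/*/*/*" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %s\n", samples[i],
               glob_arg_rejected(samples[i]) ? "reject" : "allow");
    return 0;
}
```
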