[19657] in bugtraq
[Bug 1066] Changed - Globbing bug - denial of service (fwd)
daemon@ATHENA.MIT.EDU (jedi@CLARANET.FR)
Thu Mar 15 11:48:37 2001
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=_0_15625_984657486";
charset="iso-8859-1"
Message-ID: <20010315115806.7EBBED97B@mail.fr.clara.net>
Date: Thu, 15 Mar 2001 11:58:06 GMT
Reply-To: jedi@CLARANET.FR
From: jedi@CLARANET.FR
To: BUGTRAQ@SECURITYFOCUS.COM
--=_0_15625_984657486
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
The globbing bug has been confirmed and tracked by the Proftpd team.
--
-=- Frank DENIS aka Jedi/Sector One <j@c9x.org> -=-
"If Bill Gates had a dime for every time a Windows box crashed...
... Oh, wait a minute, he already does."
--=_0_15625_984657486
Content-Type: message/rfc822
Date: Thu, 15 Mar 2001 06:17:47 -0500
Message-Id: <200103151117.GAA23628@bastard.inflicted.net>
From: proftpd-devel@proftpd.org
To: proftpd-committers@proftpd.org, j@4u.net
Cc:
Subject: [Bug 1066] Changed - Globbing bug - denial of service
Sender: bugs@bastard.inflicted.net
http://bugs.proftpd.org/show_bug.cgi?id=1066
*** shadow/1066 Thu Mar 15 03:43:52 2001
--- shadow/1066.tmp.23624 Thu Mar 15 06:17:47 2001
***************
*** 4,11 ****
| Bug #: 1066 Product: ProFTPD |
| Status: NEW Version: 1.2.1 |
| Resolution: Platform: All |
! | Severity: major OS/Version: Linux |
! | Priority: P3 Component: mod_ls |
+----------------------------------------------------------------------------+
| Assigned To: proftpd-committers@proftpd.org |
| Reported By: j@4u.net |
--- 4,11 ----
| Bug #: 1066 Product: ProFTPD |
| Status: NEW Version: 1.2.1 |
| Resolution: Platform: All |
! | Severity: critical OS/Version: Linux |
! | Priority: P5 Component: mod_ls |
+----------------------------------------------------------------------------+
| Assigned To: proftpd-committers@proftpd.org |
| Reported By: j@4u.net |
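Review bot: the Priority field in this hunk moves from P3 to P5 while Severity is raised from major to critical. Under Bugzilla's default ordering P1 is the most urgent, so if this tracker follows that default, the change lowers the priority of a bug it has just rated critical. Priority should move toward P1 to match the new severity, or the record should say why a critical denial of service is scheduled last.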
***************
*** 19,21 ****
--- 19,24 ----
ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
takes 100% cpu time and can lead into a denial-of-service.
+
+ ------- Additional Comments From droesen@entire-systems.com 2001-03-15 06:17 -------
+ Confirmed.
\ No newline at end of file
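Review bot: the added comment in this hunk says only "Confirmed." and does not record what was tested. The record lists Version 1.2.1, Platform All and OS/Version Linux, so the comment should state which ProFTPD version and operating system reproduced the 100% CPU behaviour of the `ls */../*/../...` pattern, and whether it was reproduced on anything other than Linux, so that the "All" platform claim and any later fix can be checked against it.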
--=_0_15625_984657486--