[22340] in bugtraq
RE: Multiple-Vendor-FTP-Vuln. (old?)
daemon@ATHENA.MIT.EDU (jeev)
Mon Aug 20 19:35:28 2001
Date: Mon, 20 Aug 2001 14:29:30 -0700
From: jeev <geonap@pacbell.net>
In-reply-to: <002101c129b7$bbd0c5a0$0500a8c0@glombait>
To: bugtraq@securityfocus.com
Message-id: <000501c129bf$32cf18d0$0100a8c0@jeev>
MIME-version: 1.0
Content-type: text/plain; charset="us-ascii"
Content-transfer-encoding: 7bit
Tested on slack 8 with 1.2.2rc3 no problem, and with 1.2.2 no problem:
ftp> ls /../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
226-Out of memory during globbing of /../*/../*/../*/../*/../*/../*/../*
226 Transfer complete.
ftp>
j
-----Original Message-----
From: skip [mailto:skip@fif3.com]
Sent: Monday, August 20, 2001 1:36 PM
To: bugtraq@securityfocus.com
Subject: Re: Multiple-Vendor-FTP-Vuln. (old?)
I just tested on Slackware 8 running ProFTPD Version 1.2.1
and no bug... or at least I received the directory listings and no
great CPU load was seen nor did my system hang. Tested via
localhost and a remote host.
----
- skip
----
- p.s. we sincerely apologize to all platypus enthusiasts out
- there who are offended by that thoughtless comment about
- the platypi. we love the noble platypus, and it is not our
- intention to slight these stupid creatures in any way.
----
