[22341] in bugtraq

RE: Multiple-Vendor-FTP-Vuln. (old?)

daemon@ATHENA.MIT.EDU (Mike Jakubik)
Mon Aug 20 19:38:49 2001

From: "Mike Jakubik" <mikej@trigger.net>
To: "Enrico Kern" <IphantomI@web.de>, <bugtraq@securityfocus.com>
Date: Mon, 20 Aug 2001 15:14:55 -0400
Message-ID: <FMELKCEINAGGPLLNMKEOGEACCNAA.mikej@trigger.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <200108201320.f7KDKZK26818@mailgate4.cinetic.de>

> Hi,
>
> I tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on
> many new Linux distributions. When a user is logged in to ftp and types
> the ls command, in.ftpd takes over 90 percent CPU usage; execute
> the command 2 or 3x, then the full system hangs up. It also works in the
> console. I wonder that it is not fixed. THIS BUG IS OLD. POSTED ON BUGTRAQ
> in March 01, but
> it still works, so I post it again.
>
> affected:
>
> RedHat Linux 7.x
> Linux Mandrake 8.0
> SuSE Linux 7.2
> FreeBSD 4.3
> AiX V 4.3
> other?

FreeBSD 4.3 is NOT affected by this; your system code may be out of sync.
Yes, this is an old globbing bug; almost all ftp daemons have been updated by
now. Distributions from before the bug's announcement day will of course be affected.

