[22345] in bugtraq
Re: Multiple-Vendor-FTP-Vuln. (old?)
daemon@ATHENA.MIT.EDU (Roman Drahtmueller)
Mon Aug 20 20:17:26 2001
Date: Tue, 21 Aug 2001 01:40:30 +0200 (MEST)
From: Roman Drahtmueller <draht@suse.de>
To: <bugtraq@securityfocus.com>
Cc: <security@suse.de>
In-Reply-To: <200108201320.f7KDKZK26818@mailgate4.cinetic.de>
Message-ID: <Pine.LNX.4.33.0108210132220.9532-100000@dent.suse.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
>
> I tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on
> many new Linux-Dist.. When a user is logged in to ftp and types
> the ls command, the in.ftpd takes over 90 percent cpu-usage; execute
> the command 2 or 3x, then the full system hangs up. It also works in
> console. I wonder that it is not fixed. THIS BUG IS OLD. POSTED ON BUGTRAQ
> in March 01, but
> it still works so I post it again.
>
> affected:
>
> RedHat Linux 7.x
> Linux Mandrake 8.0
> SuSE Linux 7.2

I wonder when or where you tested this. The proftpd package that can be
found in the /pub/suse/<arch>/update/*/n1/ directories on ftp.suse.com
(age: May 9th) does not show this behaviour and appears to be sane.
[...]
> Fix:
>
> set cpu-limit for your anonymous user.

I doubt that this solution is very efficient if you provide automatic
gzip (and maybe tar) service so that your users can get a directory
recursively in the form of a tarfile by using the command

    get directory_name.tar.gz

You'd have to choose...

Also recommended:

    DenyFilter "%"

If there are more format string errors in the code, this might be an easy
workaround until the code is fixed in the right place.

Roman.
--
Roman Drahtmüller <draht@suse.de>
SuSE GmbH - Security, Nürnberg, Germany
Phone: +49-911-740530
"Caution: Cape does not enable user to fly." (Batman Costume warning label)
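
An added example, not part of the original message and not ProFTPD code: a Python model of DenyFilter-style argument filtering, run over constructed FTP control lines, showing what the "%" filter from the message catches and what it leaves through. The glob regex, the wildcard-segment threshold and all function names are assumptions made for this illustration.

```python
import re

# Modelled on DenyFilter: a command is refused when a regex matches its
# argument. "%" is the filter quoted in the message; the glob regex is an
# assumption added for this example.
DENY_FILTERS = {
    "format-string": re.compile(r"%"),
    "glob-traversal": re.compile(r"\*.*/"),
}
MAX_WILDCARD_SEGMENTS = 2  # assumed policy threshold, not from the message


def split_command(line):
    """Split a raw FTP control line into (verb, argument)."""
    verb, _, arg = line.strip().partition(" ")
    return verb.upper(), arg


def wildcard_segments(arg):
    """Count path segments that contain a glob metacharacter."""
    return sum(1 for seg in arg.split("/") if re.search(r"[*?\[]", seg))


def evaluate(line):
    """Return the reasons a command would be refused (empty list = allowed)."""
    _verb, arg = split_command(line)
    reasons = [name for name, rx in DENY_FILTERS.items() if rx.search(arg)]
    if wildcard_segments(arg) > MAX_WILDCARD_SEGMENTS:
        reasons.append("wildcard-depth")
    return reasons


# Constructed sample lines (not captured traffic). The second is the listing
# from the quoted report; the fourth is a legitimate name that "%" also blocks.
SAMPLE = [
    "LIST /pub/*.txt",
    "LIST /../*/../*/../*/../*/../*/../*/../*",
    "RETR directory_name.tar.gz",
    "STOR growth_50%.csv",
]


def report(lines=SAMPLE):
    return {line: evaluate(line) for line in lines}


if __name__ == "__main__":
    for line, reasons in report().items():
        print("DENY " if reasons else "ALLOW", repr(line), reasons)
```

The "%" filter alone does not match the recursive listing, and it refuses any upload whose name contains a percent sign, which is the cost of using it as a stopgap.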