Re: Multiple vendors FTP denial of service

2001-04-23 Thread Alun Jones
a quick note, Winsock FTPD 3.00 pro and 2.41 (maybe prior) are vulnerable Thanks for the note - we released 3.00 R4 last week to fix this vulnerability. [We now refuse to list any parameter list containing /..] PS: Serv-U ftp doesn't seem to be vulnerable No duh - Serv-U doesn't bother

Re: Multiple vendors FTP denial of service

2001-03-23 Thread Interstellar Overdrive
a quick note, Winsock FTPD 3.00 pro and 2.41 (maybe prior) are vulnerable to this bug as well, I tested it on a WindowsNT 4.0 box, wftpd seems to push cpu usage to 100%, another thing concerning wftpd is that if a user isn't restricted to his own directory, the ftpd falls in an endless loop

Re: Multiple vendors FTP denial of service

2001-03-22 Thread Nate Eldredge
Stefan Laudat writes: Hi Aleph, Please add this to the 'quick fix collection'. Thanks. ftp ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* disable globbing symbols with: DenyFilter "[\*\?]" ? ... and as a quick fix for nasty shell users having bash prompts on

Re: Multiple vendors FTP denial of service

2001-03-22 Thread Markku Savela
ftp ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* disable globbing symbols with: DenyFilter "[\*\?]" ? ... and as a quick fix for nasty shell users having bash prompts on your machine, just enter 'set -f' in the /etc/profile. Of course, until we will get a fixed bash

Re: Multiple vendors FTP denial of service

2001-03-21 Thread The Flying Hamster
On Mon, Mar 19, 2001 at 10:24:43AM -0700, Elias Levy wrote: From: "Thomas Maxwell" [EMAIL PROTECTED] I've encountered another issue with ProFTPD 1.2.0rc3. Upon running: The current version is 1.2.1, rc3 should not be used in production environments. [...] From: "Dan Harkless" [EMAIL

Multiple vendors FTP denial of service

2001-03-21 Thread Peter Timothey Hessler
OpenBSD 2.8 (from cd) goes to 100% CPU. Just ftpd, sshd and telnetd running. ftpd ran from /etc/rc shell is bash relevant system info: Pentium 133 32Meg ram, 4Gig hard drive 100baseT nic. Connected to 127.0.0.1. 220 phobos FTP server (Version 6.5/OpenBSD) ready. Name (127.0.0.1:luser): luser

Re: Multiple vendors FTP denial of service

2001-03-20 Thread Pawel Wilk
ftp ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* disable globbing symbols with: DenyFilter "[\*\?]" ? -- Paweł Wilk [EMAIL PROTECTED] - Poland.com sa - 1024D/FF0D20A9: 3B4A 55BA B502 9C4D D7ED 5643 BC7C F62D FF0D 20A9

Re: Multiple vendors FTP denial of service

2001-03-20 Thread jedi
D. J. Bernstein writes: The FTP specification doesn't require servers to support .. and *. Indeed, it was just popularized by servers calling an extern "ls" program. FTP does, however, include an NLST command that lists all files in the current directory, and a CWD command that switches to

Bash memory exhaustion (was Re: Multiple vendors FTP denial of service)

2001-03-20 Thread Nick Lamb
On Mon, Mar 19, 2001 at 10:24:43AM -0700, Elias Levy wrote: From: Liviu Sas [EMAIL PROTECTED] Looks like bash 2.04.0(1)-release on linux, and older are also vulnerable to this bug ... a `ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*` command makes bash eat all memory and

Re: Multiple vendors FTP denial of service

2001-03-19 Thread D. J. Bernstein
The FTP specification doesn't require servers to support .. and *. In fact, it doesn't even mention .. and *. Naturally, publicfile's ftpd treats * as just another character, and converts . to : after slashes. FTP does, however, include an NLST command that lists all files in the current

Re: Multiple vendors FTP denial of service

2001-03-19 Thread JT
This does work on FreeBSD 4-stable as well (ftp announces itself as (Version 6.00LS)). This should probably work on any ftp that uses an external ls command, and other than making ftpd friendly for use by login.conf (which would mean what? ftpd dropping privileges to the user once a connection is

Re: Multiple vendors FTP denial of service

2001-03-16 Thread Jeff Dafoe
- PureFTPd (any version) is not vulnerable. Result is "Simplified wildcard expression to *" and the 'ls *' output. In an ironic twist, PureFTPd (of which you are apparently the author), is indeed vulnerable to this globbing bug, using variants of the string you previously posted. Try:

Re: Multiple vendors FTP denial of service

2001-03-16 Thread Mike Gleason
NcFTPd Server is not vulnerable to the globbing denial-of-service bug that affects a multitude of UNIX FTP servers. I'd like to give a gentle reminder that NcFTPd is free for personal use (3-user license) and educational sites, so don't be shy about upgrading to a mature FTP server that has

Multiple vendors FTP denial of service

2001-03-15 Thread Frank DENIS (Jedi/Sector One)
- Proftpd built-in 'ls' command has a globbing bug that allows remote denial-of-service. Here's a simple exploit, tested on the Proftpd site : $ ftp ftp.proftpd.org ... Name (ftp.proftpd.org:j): ftp ... 230 Anonymous access granted, restrictions apply. Remote system type is UNIX. Using binary