RE: proftpd exploit??

2001-05-28 Thread Bojan Zdrnja
> -Original Message- > From: Marcelo Drudi Miranda [mailto:[EMAIL PROTECTED] > Sent: 26. svibanj 2001 4:49 > To: debian-security@lists.debian.org > Subject: Re: proftpd exploit?? > > > Em Thu, 24 May 2001 20:34:56 +0200 > Matthias Richter <[EMAIL PROT

RE: proftpd exploit??

2001-05-28 Thread Bojan Zdrnja
> -Original Message- > From: Marcelo Drudi Miranda [mailto:[EMAIL PROTECTED]] > Sent: 26. svibanj 2001 4:49 > To: [EMAIL PROTECTED] > Subject: Re: proftpd exploit?? > > > Em Thu, 24 May 2001 20:34:56 +0200 > Matthias Richter <[EMAIL PROTECTED]> escrev

Re: proftpd exploit??

2001-05-27 Thread Rainer Weikusat
[EMAIL PROTECTED] writes: > Ok. I think that this thing is considered a DoS attack... > This "attack" can be turned off adding the following line to the > configuration file (- proftpd.conf -): [EMAIL PROTECTED]:/var/log $grep ^ftp /etc/security/limits.conf ftp hardrss

Re: proftpd exploit??

2001-05-26 Thread Rainer Weikusat
[EMAIL PROTECTED] writes: > Ok. I think that this thing is considered a DoS attack... > This "attack" can be turned off adding the following line to the > configuration file (- proftpd.conf -): [weikusat@karfinux]:/var/log $grep ^ftp /etc/security/limits.conf ftp hardrss

Re: proftpd exploit??

2001-05-26 Thread yoros
On Sat, May 26, 2001 at 02:49:02AM +, Marcelo Drudi Miranda wrote: > On Thu, 24 May 2001 20:34:56 +0200 > Matthias Richter <[EMAIL PROTECTED]> wrote: > > > Andres Herrera wrote on Thu May 24, 2001 at 07:43:50PM: > > [proftpd exploit ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../]

Re: proftpd exploit??

2001-05-26 Thread Shell Hung
Matthias Richter wrote: > > Marcelo Drudi Miranda wrote on Sat May 26, 2001 at 02:49:02AM: > > Matthias Richter <[EMAIL PROTECTED]> wrote: > > > > > Andres Herrera wrote on Thu May 24, 2001 at 07:43:50PM: > > > [proftpd exploit ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../] > > > > A

Re: proftpd exploit??

2001-05-26 Thread Matthias Richter
Marcelo Drudi Miranda wrote on Sat May 26, 2001 at 02:49:02AM: > Matthias Richter <[EMAIL PROTECTED]> wrote: > > > Andres Herrera wrote on Thu May 24, 2001 at 07:43:50PM: > > [proftpd exploit ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../] > > > Any solution?? > > > > This is a expl

Re: proftpd exploit??

2001-05-26 Thread Marcelo Drudi Miranda
On Thu, 24 May 2001 20:34:56 +0200 Matthias Richter <[EMAIL PROTECTED]> wrote: > Andres Herrera wrote on Thu May 24, 2001 at 07:43:50PM: > [proftpd exploit ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../] > > Any solution?? > This is an exploit or a DoS attack? -- __

Re: proftpd exploit??

2001-05-25 Thread Shell Hung
Matthias Richter wrote: > > Marcelo Drudi Miranda wrote on Sat May 26, 2001 at 02:49:02AM: > > Matthias Richter <[EMAIL PROTECTED]> wrote: > > > > > Andres Herrera wrote on Thu May 24, 2001 at 07:43:50PM: > > > [proftpd exploit ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../] > > > >

Re: proftpd exploit??

2001-05-25 Thread Matthias Richter
Marcelo Drudi Miranda wrote on Sat May 26, 2001 at 02:49:02AM: > Matthias Richter <[EMAIL PROTECTED]> wrote: > > > Andres Herrera wrote on Thu May 24, 2001 at 07:43:50PM: > > [proftpd exploit ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../] > > > Any solution?? > > > > This is a exp

Re: proftpd exploit??

2001-05-25 Thread Marcelo Drudi Miranda
On Thu, 24 May 2001 20:34:56 +0200 Matthias Richter <[EMAIL PROTECTED]> wrote: > Andres Herrera wrote on Thu May 24, 2001 at 07:43:50PM: > [proftpd exploit ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../] > > Any solution?? > This is an exploit or a DoS attack? -- _

Re: proftpd exploit??

2001-05-24 Thread cagarruta
Hi!! Thanks to everybody (and sorry for my English 0:) ) I've chosen the DenyFilter option and everything goes OK again :- The user just gets a "Forbidden command argument" message. ... and certainly I'm subscribing my account to the proftpd mailing list ;-) Thanks again -- 101 Things you

Re: proftpd exploit??

2001-05-24 Thread Robert L. Yelvington
Zak Kipling wrote: > > On Thu, 24 May 2001, Andres Herrera wrote: > > > I've tried to exploit it by login and sending: > > ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../ > > and suddenly it began eating memory and getting slow all the system. > ... > > Any solution?? > > Resource limit

Re: proftpd exploit??

2001-05-24 Thread Jamie Heilman
Zak Kipling wrote: > On Thu, 24 May 2001, Andres Herrera wrote: > > > I've tried to exploit it by login and sending: > > ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../ > > and suddenly it began eating memory and getting slow all the system. > ... > > Any solution?? > > Resource limits

Re: proftpd exploit??

2001-05-24 Thread Eric N. Valor
There was a discussion on this on the proftpd mailing list. Go to www.proftpd.org and check the archives. If I can dredge the answer up from old saved email I'll post here. You might also want to join that mailing list for help on this and future issues. At 07:15 PM 5/24/2001 +0100, Zak K

Re: proftpd exploit??

2001-05-24 Thread Sven Hoexter
On Thu, May 24, 2001 at 07:43:50PM +0200, Andres Herrera wrote: > Hi!! > > I have Potato in a machine, with > > ii proftpd1.2.0pre10-2.0 Versatile, virtual-hosting FTP daemon > > It's the last version in security.debian.org > > I've tried to exploit it by login and sending: > > ls ..

Re: proftpd exploit??

2001-05-24 Thread Matthias Richter
Andres Herrera wrote on Thu May 24, 2001 at 07:43:50PM: [proftpd exploit ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../] > Any solution?? There was mentioned a suggested entry (meant as an intermediate solution until proftpd has been fixed) to /etc/proftpd.conf: DenyFilter \*.*/ hth, Ma

Re: proftpd exploit??

2001-05-24 Thread Zak Kipling
On Thu, 24 May 2001, Andres Herrera wrote: > I've tried to exploit it by login and sending: > ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../ > and suddenly it began eating memory and getting slow all the system. ... > Any solution?? Resource limits on the ftp server process? Zak.

Re: proftpd exploit??

2001-05-24 Thread cagarruta
Hi!! Thanks to everybody (and sorry for my English 0:) ) I've chosen the DenyFilter option and everything goes OK again :- The user just gets a "Forbidden command argument" message. ... and certainly I'm subscribing my account to the proftpd mailing list ;-) Thanks again -- 101 Things yo

Re: proftpd exploit??

2001-05-24 Thread Robert L. Yelvington
Zak Kipling wrote: > > On Thu, 24 May 2001, Andres Herrera wrote: > > > I've tried to exploit it by login and sending: > > ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../ > > and suddenly it began eating memory and getting slow all the system. > ... > > Any solution?? > > Resource limi

Re: proftpd exploit??

2001-05-24 Thread Sven Hoexter
On Thu, May 24, 2001 at 07:43:50PM +0200, Andres Herrera wrote: > Hi!! > > I have Potato in a machine, with > > ii proftpd1.2.0pre10-2.0 Versatile, virtual-hosting FTP daemon > > It's the last version in security.debian.org > > I've tried to exploit it by login and sending: > > ls .

Re: proftpd exploit??

2001-05-24 Thread Matthias Richter
Andres Herrera wrote on Thu May 24, 2001 at 07:43:50PM: [proftpd exploit ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../] > Any solution?? There was mentioned a suggested entry (meant as an intermediate solution until proftpd has been fixed) to /etc/proftpd.conf: DenyFilter \*.*/ hth, M

Re: proftpd exploit??

2001-05-24 Thread Zak Kipling
On Thu, 24 May 2001, Andres Herrera wrote: > I've tried to exploit it by login and sending: > ls ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../ > and suddenly it began eating memory and getting slow all the system. ... > Any solution?? Resource limits on the ftp server process? Zak. --