From: Ron DuFresne <[EMAIL PROTECTED]>

Regarding tftpd, is it as I suspect, subject to many of the same
exploitations as ftpd, remotely exploitable buffer overflows and all the
other sweet little nasties recently being documented?


From: Shane Youhouse <[EMAIL PROTECTED]>

Neither was glftpd
And I have found nothing better since first using it.


From: Jay DeSotel <[EMAIL PROTECTED]>

I'm running BeroFTPD-1.3.4, and it does not seem to affect it at all; I
tried different variations of the string and still nothing....


From: [EMAIL PROTECTED]

FYI, I've just tested my own installations of the commercial NcFTPd package,
and it is not vulnerable to this attack so far as I can tell. If someone
wants to whang on my server, have at it, ftp.anastrophe.com, though I'd
appreciate an email ahead of time as a courtesy.


From: Laurent LEVIER <[EMAIL PROTECTED]>

The FTP daemon provided on Solaris 8 is also vulnerable


From: "Gregory A Lundberg" <[EMAIL PROTECTED]>

Anyone using _any_ version of BeroFTPD has worse problems than this and
should immediately upgrade to the current version: WU-FTPD 2.6.1.


From: Carlos Morgado <[EMAIL PROTECTED]>

In fact, the code is inherited from troll tech's ftpd (which means troll
ftpd is vulnerable) and not written by the Jedi fella.


From: "Thomas Maxwell" <[EMAIL PROTECTED]>

I've encountered another issue with ProFTPD 1.2.0rc3.
Upon running:
ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
the system would sit in an idle standpoint for an extended period
of time, only to be cancelled by myself.

Upon speaking with the target of the attack, his system had all
system resources consumed and was forced to reboot.

Filesystem is Linux 2.2.x
Fileserver is ProFTPD 1.2.0rc3


From: "Matus \"fantomas\" Uhlar" <[EMAIL PROTECTED]>

well,
proftpd 1.2.1 IS vulnerable to this problem on FreeBSD-4.2 on intel
proftpd 1.2.1 IS vulnerable to this problem on FreeBSD-4.2 on alpha
proftpd 1.2.0 IS vulnerable to this problem on FreeBSD-4.2 on alpha


From: "Dan Harkless" <[EMAIL PROTECTED]>

Note that one _shouldn't_ look on <http://www.proftpd.net/>, a "mistake" I
made.  <http://www.proftpd.org/> used to redirect to .net, so I thought .net
was the canonical URL.

Looks like the two servers split on February 10, however, and proftpd.net's
"News" and "Critical Bugs" pages make no mention of this vulnerability.
Take note, y'all...


From: "Dino Amato" <[EMAIL PROTECTED]>

on RedHat 7.0 w/wuftp, this is what I get with this:
226 Transfer complete.
ftp: 91 bytes received in 0.00Seconds 91000.00Kbytes/sec.
ftp> ls .*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/
200 PORT command successful.
550 No files found.
ftp> ls */.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/
200 PORT command successful.
550 */.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*: No such
file or directory.
ftp>


From: Liviu Sas <[EMAIL PROTECTED]>

Looks like bash 2.04.0(1)-release on Linux, and older, are also vulnerable
to this bug ...
a `ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*` command
makes bash eat all memory and CPU available, making the machine crash.


From: Arnt Gulbrandsen <[EMAIL PROTECTED]>

Troll-ftpd has been secure against "*/../*" since last time it was
mentioned on bugtraq, but it is not secure against variants like
"*/..*/*". I do not have a fix for this right now, but expect a fix soon.
I have to think a little. (I don't want any complex or feature-rich code.)

FYI, there won't be any more releases of troll-ftpd, except in cases of
security problems.
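The reports above from Thomas Maxwell (ProFTPD), Liviu Sas (bash) and Arnt Gulbrandsen (the "*/..*/*" variant) all describe the same mechanism: every wildcard segment in a pattern multiplies the candidate set by the directory's fan-out, so k wildcard segments against a directory of N entries produce on the order of N^k paths, and a ".." in between just resets the walk to the parent so the growth never bottoms out. The following is an added illustration, not code from any of the posters or from any FTP daemon; it builds a small constructed directory tree in memory, expands patterns with shell-like semantics while counting the work, and shows the two defensive controls a server can apply: cap the number of wildcard segments accepted, and abort the expansion once a work budget is exceeded. The tree layout, budget values and function names are assumptions for the example.

```python
"""Bounded glob expansion (added example, not from the thread or any daemon).

Shows why patterns such as '*/../*/../*' and '*/..*/*' explode, and how a
server can bound the work instead of exhausting memory and CPU.
"""
import fnmatch


class GlobBudgetExceeded(Exception):
    """Raised when expansion work exceeds the configured budget."""


class Node:
    """One directory in a constructed in-memory tree."""

    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, {}


def build_tree(fanout, depth):
    """Constructed sample tree: each directory holds `fanout` subdirectories
    named d0..d{fanout-1}, nested `depth` levels deep."""
    root = Node('')

    def fill(node, d):
        if d == 0:
            return
        for i in range(fanout):
            child = Node(f'd{i}', node)
            node.children[child.name] = child
            fill(child, d - 1)

    fill(root, depth)
    return root


def wildcard_segments(pattern):
    """Number of path segments containing glob metacharacters.
    A cheap pre-check: reject patterns above a small limit before expanding."""
    return sum(1 for s in pattern.split('/') if any(c in s for c in '*?['))


def bounded_glob(root, pattern, budget):
    """Expand `pattern` against the tree with shell-like rules (literal '.'
    and '..', '*' does not match dotfiles, patterns starting with '.' may
    match '.' and '..'), counting every candidate produced at every segment.
    Raises GlobBudgetExceeded as soon as the running count passes `budget`.
    Returns (work_count, sorted literal result paths)."""
    frontier = [(root, '')]  # (directory node, literal path text so far)
    work = 0
    for seg in (s for s in pattern.split('/') if s):
        nxt = []
        for node, literal in frontier:
            prefix = literal + '/' if literal else ''
            if seg == '.':
                nxt.append((node, prefix + seg))
            elif seg == '..':
                nxt.append((node.parent or node, prefix + seg))
            else:
                names = list(node.children)
                if seg.startswith('.'):
                    names += ['.', '..']           # '..*' can match '..'
                else:
                    names = [n for n in names if not n.startswith('.')]
                for name in names:
                    if fnmatch.fnmatchcase(name, seg):
                        if name == '.':
                            target = node
                        elif name == '..':
                            target = node.parent or node
                        else:
                            target = node.children[name]
                        nxt.append((target, prefix + name))
        work += len(nxt)           # intermediate candidates cost memory/CPU too
        if work > budget:
            raise GlobBudgetExceeded(
                f'{pattern!r}: {work} candidates after segment {seg!r}')
        frontier = nxt
    return work, sorted(lit for _, lit in frontier)


if __name__ == '__main__':
    tree = build_tree(fanout=3, depth=1)
    for pat in ('*/../*', '*/..*/*', '*/../*/../*'):
        try:
            work, paths = bounded_glob(tree, pat, budget=20)
            print(f'{pat}: {work} candidates, {len(paths)} results')
        except GlobBudgetExceeded as e:
            print('rejected:', e)
```

With a fan-out of only three, '*/../*' already costs 15 candidates for 9 results and '*/../*/../*' costs 51 for 27; on a real anonymous FTP tree with hundreds of entries per directory the twelve-segment pattern from the reports is far beyond anything a server should attempt, which is why a segment limit plus a work budget (and logging the rejection) is the practical mitigation.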

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
