Re: (linux-br) [INFO] Bug no proftpd

Andreas Hasenack Fri, 16 Mar 2001 06:41:29 -0800

Em Fri, Mar 16, 2001 at 09:12:00AM -0300, Walter Rodrigo de Sá Cruz escreveu:
> http://bugs.proftpd.org/show_bug.cgi?id=1066
> 
> versão 1.2.1
> 
> The following command :
> 
> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
> 
> takes 100% cpu time and can lead into a denial-of-service.

Complementando:

------- Additional Comments From Daniel Roesen 2001-03-15 14:25 -------

OK, this DenyFilter was not strict enough. Better use:

<Global>
    DenyFilter   \*.*/
</Global>

This prevents all globbing attacks we can imagine.



Assinantes em 16/03/2001: 2215
Mensagens recebidas desde 07/01/1999: 104022
Historico e [des]cadastramento: http://linux-br.conectiva.com.br
Assuntos administrativos e problemas com a lista: 
            mailto:[EMAIL PROTECTED]

Re: (linux-br) [INFO] Bug no proftpd

Responder a