This is, to put it politely, incredibly old news. Let's face it, if you give
a user a shell acount, with no restrictions on CPU time or memory usage,
yes, they will be able to suck up as much resources as the computer can
spare (this is, among other reasons why "nice" exists). I advise you place
li
This is, to put it politely, incredibly old news. Let's face it, if you give
a user a shell acount, with no restrictions on CPU time or memory usage,
yes, they will be able to suck up as much resources as the computer can
spare (this is, among other reasons why "nice" exists). I advise you place
l
also sprach Alun Jones <[EMAIL PROTECTED]> [2002.04.04.0445 +0200]:
> > DenyFilter \*.*/
>
> Just as a quick question, why not deny the string "/../" (you may have to
> deny the regex "/\.\./", depending how the filter in question works)?
quick answer: because i merely copied the fix from the s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Also tested, and vulnerable on:
FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002
[EMAIL PROTECTED]:/usr/src/sys/compile/GENERIC i386
Tested using the shells bash, csh, ksh, zsh.
Chip
- -
Chip McClure
Sr. Unix Administra
also sprach Alun Jones <[EMAIL PROTECTED]> [2002.04.04.0445 +0200]:
> > DenyFilter \*.*/
>
> Just as a quick question, why not deny the string "/../" (you may have to
> deny the regex "/\.\./", depending how the filter in question works)?
quick answer: because i merely copied the fix from the
On 3/29/02 3:40 PM martin f krafft said...
>dear bugtraq'ers,
>
>i must confess that the information i provided wrt the acclaimed DoS
>exploit in Debian potato's proftpd package (1.2.0pre10-2.0potato1) was
>not fully accurate. the package *does in fact contain a buggy daemon*
>despite having been
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Also tested, and vulnerable on:
FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002
[EMAIL PROTECTED]:/usr/src/sys/compile/GENERIC i386
Tested using the shells bash, csh, ksh, zsh.
Chip
- -
Chip McClure
Sr. Unix Administr
On 3/29/02 3:40 PM martin f krafft said...
>dear bugtraq'ers,
>
>i must confess that the information i provided wrt the acclaimed DoS
>exploit in Debian potato's proftpd package (1.2.0pre10-2.0potato1) was
>not fully accurate. the package *does in fact contain a buggy daemon*
>despite having been
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello All,
I can confirm that the ls strings dos' slackware 8.0. Causes shell process of
that user (user or root) to chew up the cpu until the shell terminates on sig
11.
Works on any shell the user is using, csh, ksh, bash
Tested on:
Linux 2.2.1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello All,
I can confirm that the ls strings dos' slackware 8.0. Causes shell process of that
user (user or root) to chew up the cpu until the shell terminates on sig 11.
Works on any shell the user is using, csh, ksh, bash
Tested on:
Linux 2.2.1
At 03:40 PM 3/29/2002, martin f krafft wrote:
ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
...
DenyFilter \*.*/
Just as a quick question, why not deny the string "/../" (you may have to
deny the regex "/\.\./", depending how the filter in question works)?
As far a
At 03:40 PM 3/29/2002, martin f krafft wrote:
> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
...
> DenyFilter \*.*/
Just as a quick question, why not deny the string "/../" (you may have to
deny the regex "/\.\./", depending how the filter in question works)?
As far as
dear bugtraq'ers,
i must confess that the information i provided wrt the acclaimed DoS
exploit in Debian potato's proftpd package (1.2.0pre10-2.0potato1) was
not fully accurate. the package *does in fact contain a buggy daemon*
despite having been fixed, according to the changelog:
proftpd (1.2
dear bugtraq'ers,
i must confess that the information i provided wrt the acclaimed DoS
exploit in Debian potato's proftpd package (1.2.0pre10-2.0potato1) was
not fully accurate. the package *does in fact contain a buggy daemon*
despite having been fixed, according to the changelog:
proftpd (1.
14 matches
Mail list logo
