Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 15 Mar 2001 20:17:00 est
From:      "Antonio Carlos Pina" <apina@infolink.com.br>
To:        freebsd-security@freebsd.org
Subject:   Re: Multiple vendors FTP denial of service (fwd)
Message-ID:  <3ab14d6c.31f.0@infolink.com.br>
next in thread | raw e-mail | index | archive | help 
Hello,

Actually I think this highly depends on HOW MANY files and 
directories FTPD can access.

I didn't see any damage with a jailed FTPD with 1 directoy and 2 
files.

Best Regards,

>I think so. With 4.2-STABLE in an anonymous session we got 100% CPU
>until we kill ftpd.
>
>> > FreeBSD isn't listed, but also vulnerable, at least with the 
FTPd in
>> > -STABLE.
>> 
>> Sure?
>> 
>> With 4.2-REL:
>> 
>> Remote system type is UNIX.
>> Using binary mode to transfer files.
>> ftp> ls 
*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
>> 150 Opening ASCII mode data connection for '/bin/ls'.
>> 226 Transfer complete.
>> ftp>
>> ftp> ls
>> 150 Opening ASCII mode data connection for '/bin/ls'.
>> total 13
>> -rw-r--r--  1 fpscha  wheel   628 27 dic 10:38 .cshrc
>> drwx------  2 fpscha  wheel   512 29 dic 13:17 .elm
>> -rw-------  1 fpscha  wheel  1517 20 feb 09:28 .history
>> -rw-r--r--  1 fpscha  wheel   299 27 dic 10:38 .login
>> 
>> [Everything normal, I mean]
>> 
>> 
>> Regards.
>> 
>> Fernando P. Schapachnik
>> Administraci=F3n de la red
>> VIA NET.WORKS ARGENTINA S.A.
>> fschapachnik@vianetworks.com.ar
>> Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA
>> 
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-security" in the body of the message
>> 
>
>-- 
> Frederico A C Neves              Registro .br - R.Pio XI, 1500
> +55 11 3838-4130             S=E3o Paulo, SP, Brazil - 05468-901
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>

Cordialmente,
Antonio Carlos Pina
apina@infolink.com.br
Diretor de Tecnologia (CTO)
http://www.infolink.com.br


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ab14d6c.31f.0>