Bugtraq mailing list archives
RE: Multiple-Vendor-FTP-Vuln. (old?)
From: Michael Bellears <michael.bellears () staff datafx com au>
Date: Tue, 21 Aug 2001 08:43:54 +1000
Couldn't reproduce on Debian 2.2.... isp-server-03:/# proftpd -v - ProFTPD Version 1.2.0pre10 Remote system type is UNIX. Using binary mode to transfer files. ftp> bin 200 Type set to I. ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* 200 PORT command successful. 550 /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*: Forbidden command argument ftp> quit 221 Goodbye. Regards, MB
-----Original Message----- From: Michael Faurot [mailto:mfaurot () atww org] Sent: Tuesday, 21 August 2001 5:20 AM To: bugtraq () securityfocus com Subject: Re: Multiple-Vendor-FTP-Vuln. (old?) Enrico Kern <IphantomI () web de> wrote: : Hi, : i tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on = : many new Linux-Dist.. This bug appears to still be present with Debian Stable (Potato) which uses ProFTPd v1.2.0pre10. -- -------------------------------------------------------------- ---------------- Michael | mfaurot | Give your child mental blocks for Christmas. Faurot | atww.org |
Current thread:
- Re: Multiple-Vendor-FTP-Vuln. (old?), (continued)
- Re: Multiple-Vendor-FTP-Vuln. (old?) skip (Aug 20)
- RE: Multiple-Vendor-FTP-Vuln. (old?) jeev (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Scott Dier (Aug 20)
- RE: Multiple-Vendor-FTP-Vuln. (old?) Mike Jakubik (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Bernhard Rosenkraenzer (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Roman Drahtmueller (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Dmitriy Kropivnitskiy (Aug 21)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Michael Faurot (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Robert van der Meulen (Aug 20)
- RE: Multiple-Vendor-FTP-Vuln. (old?) E. van Elk (Aug 20)
- RE: Multiple-Vendor-FTP-Vuln. (old?) Michael Bellears (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) Michael Faurot (Aug 20)
- Re: Multiple-Vendor-FTP-Vuln. (old?) skip (Aug 20)