Bugtraq mailing list archives
Re: Multiple vendors FTP denial of service
From: Markku Savela <msa () BURP TKV ASDF ORG>
Date: Thu, 22 Mar 2001 00:29:46 +0200
ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*

disable globbing symbols with: DenyFilter "[\*\?]" ?

... and as a quick fix for nasty shell users having bash prompts on your machine, just enter 'set -f' in the /etc/profile. Of course, until we will get a fixed bash or a fixed libc(?).

Is this the same ages old bug of too simple minded wild card matching algorithm (plagued IRC years ago and was trivially fixed by a globbing algorithm, that didn't have this problem). I would have expected libs to have been fixed already...

To test if your system/shell has a bad globbing algorithm, just do

  touch aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
  ls *a*a*a*a*a*a*a*a*a*a*a*a*a*a*b*

and see if it freezes...
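The difference between the two kinds of wildcard matcher discussed in the message above, as an added example that is not part of the original post and not code from bash, libc or any FTP server. It handles only '*' and '?' (no character classes or path components); the function names, the call budget and the 78-character name of 'a's are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Naive matcher: each '*' retries the rest of the pattern at every offset.
   *budget drops by one per call; once spent, the match is abandoned (-1). */
static int glob_naive(const char *p, const char *s, long *budget)
{
    if (--*budget < 0) return -1;
    if (*p == '\0') return *s == '\0';
    if (*p == '*') {
        for (;; s++) {
            int r = glob_naive(p + 1, s, budget);
            if (r != 0 || *s == '\0') return r;  /* match, abort, or end */
        }
    }
    if (*s != '\0' && (*p == '?' || *p == *s))
        return glob_naive(p + 1, s + 1, budget);
    return 0;
}

/* Iterative matcher: only the most recent '*' is ever revisited, so the
   work grows at most with strlen(p) * strlen(s). *steps counts iterations. */
static int glob_iter(const char *p, const char *s, long *steps)
{
    const char *star_p = NULL, *star_s = NULL;
    while (*s != '\0') {
        ++*steps;
        if (*p == '*') { star_p = p++; star_s = s; }        /* '*' = empty */
        else if (*p == '?' || *p == *s) { p++; s++; }
        else if (star_p != NULL) { p = star_p + 1; s = ++star_s; } /* widen */
        else return 0;
    }
    while (*p == '*') p++;
    return *p == '\0';
}

/* Pattern as given in the post; the 78-character name is constructed. */
static const char PATTERN[] = "*a*a*a*a*a*a*a*a*a*a*a*a*a*a*b*";
static const char *sample_name(void)
{
    static char name[79];               /* zero-initialised, so terminated */
    memset(name, 'a', sizeof name - 1);
    return name;
}

int main(void)
{
    long budget = 1000000, steps = 0;
    int naive = glob_naive(PATTERN, sample_name(), &budget);
    int iter = glob_iter(PATTERN, sample_name(), &steps);
    printf("naive: %d (-1 = budget spent)\n", naive);
    printf("iterative: %d after %ld steps\n", iter, steps);
    return 0;
}
```

The naive matcher spends a million calls without reaching an answer, while the iterative one reports "no match" in fewer than a hundred steps; a call budget like the one shown is a stopgap for code that cannot be replaced right away.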