This is, to put it politely, incredibly old news. Let's face it, if you give
a user a shell account, with no restrictions on CPU time or memory usage,
yes, they will be able to suck up as much resources as the computer can
spare (this is, among other reasons, why "nice" exists). I advise you place
li
also sprach Alun Jones <[EMAIL PROTECTED]> [2002.04.04.0445 +0200]:
> > DenyFilter \*.*/
>
> Just as a quick question, why not deny the string "/../" (you may have to
> deny the regex "/\.\./", depending how the filter in question works)?
quick answer: because i merely copied the fix from the s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Also tested, and vulnerable on:
FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002
[EMAIL PROTECTED]:/usr/src/sys/compile/GENERIC i386
Tested using the shells bash, csh, ksh, zsh.
Chip
- -
Chip McClure
Sr. Unix Administra
On 3/29/02 3:40 PM martin f krafft said...
>dear bugtraq'ers,
>
>i must confess that the information i provided wrt the acclaimed DoS
>exploit in Debian potato's proftpd package (1.2.0pre10-2.0potato1) was
>not fully accurate. the package *does in fact contain a buggy daemon*
>despite having been
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello All,
I can confirm that the ls strings dos' slackware 8.0. Causes shell process of
that user (user or root) to chew up the cpu until the shell terminates on sig
11.
Works on any shell the user is using, csh, ksh, bash
Tested on:
Linux 2.2.1
At 03:40 PM 3/29/2002, martin f krafft wrote:
> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
...
> DenyFilter \*.*/
Just as a quick question, why not deny the string "/../" (you may have to
deny the regex "/\.\./", depending how the filter in question works)?
As far as
dear bugtraq'ers,
i must confess that the information i provided wrt the acclaimed DoS
exploit in Debian potato's proftpd package (1.2.0pre10-2.0potato1) was
not fully accurate. the package *does in fact contain a buggy daemon*
despite having been fixed, according to the changelog:
proftpd (1.2
On Wed, 27 Mar 2002 00:37:59 +0100
martin f krafft <[EMAIL PROTECTED]> wrote:
>> [...]
>
> (please fix your line wraps!)
>
> security.debian.org has proftpd_1.2.0pre10-2.0potato1 which does not
> contain this bug, at least not on i386 systems:
>
> fishbowl:~> ncftp lapse.home.madduck.net
> NcFT
On Wed, Mar 27, 2002 at 12:37:59AM +0100, martin f krafft wrote:
> also sprach Joe Dollard <[EMAIL PROTECTED]> [2002.03.25.2114 +0100]:
Hi,
> > The version of proftp that is in debian potato (1.2.0pre10 as
> > reported by running 'proftpd -v ') is vulnerable to a glob DoS
> > attack,
also sprach Joe Dollard <[EMAIL PROTECTED]> [2002.03.25.2114 +0100]:
> The version of proftp that is in debian potato (1.2.0pre10 as
> reported by running 'proftpd -v ') is vulnerable to a glob DoS
> attack, as discovered on the 15th March 2001. You can verify this
> bug by