On Wed, Dec 19, 2001 at 02:22:40PM +0100, Mattias _ wrote:
> 1.2.4 (but it’s fixed in the Candidate version: 1.2.5rc1). This
> is very similar to the wu-ftpd bug (“ls ~{”) and occurs when you issue
> the command: ls /////////// (11 or more ‘/’). I haven’t figured out if
> it’s exploitable. That’s why I post it to you guys. :-)
>
> AFFECTED VERSIONS
> =================
> ProFTPD 1.2.4
> ProFTPD 1.2.2rc3
> (Others may be affected as well.)
>
> SYSTEMS
> =======
> This is tested on Slackware 8.
I tested this on Debian 2.2 with proftpd 1.2.0pre10 and it doesn't seem
to be vulnerable.
