this cross-protocol HTTPS/FTP attack is really interesting http://bugs.proftpd.org/show_bug.cgi?id=4143#c0 … we may face a can of x-prot worms here
@hanno ah, sorry, that was wrong. this is what he did to further mitigate: http://hg.dovecot.org/dovecot-2.2/rev/2589f9c5cc04 … - lowers limit to 3 invalid commands
-
-
@tehjh ah kay, back in march, so it's already released. have you looked at courier? (a writeup with hints how to best test would be great) -
@hanno no, I only looked at proftpd,vsftpd,dovecot. note that the variant without data con might be less exploitable than I thought... - 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.