Bugtraq mailing list archives

Re: BUG IN ALL PROFTP 1.2 VERSIONS ALSO RC1

From: "Rodrigo Barbosa (aka morcego)" <rodrigob () CONECTIVA COM BR>
Date: Wed, 26 Jul 2000 11:22:20 -0400

On Tue, Jul 25, 2000 at 04:11:16PM -0300, Carlos Eduardo Gorges wrote:

Hi all,

I found several bugs in all the versions of proftp ( tested in proftp
1.2.0pre6, proftp 1.2.0pre10 and proftp 1.2.0rc1 ).

All involve parse of characters
for example,
connects in a proftpd host and

ftp> quote %999s

voyala !
the children stops in segfail : -)


According to MacGyver, this problem was fixed in the last CVS version.
(CVS access instruction is at www.proftpd.net)

Also, acording to the Proftpd mailing list, this denotates two different
problems.

1st.: FTP Client with problems

        When the use did that, the ftp client sent to proftpd a very, very
long blank string, which it should not.

2nd.: Proftpd problem

        Proftpd dropped the conection uppon receipt of this long blank
string, core dumping.

A good look at the ftp client used on this test is also a good idea.

References:
[1] Proftpd Home Page -> http://www.proftpd.net/
[2] Proftpd Mailing List -> proftpd () proftpd net
[3] Proftpd Development Mailing List -> proftpd-devel () proftpd net
[4] MacGyver -> Proftpd Maintainer

-- 
 /*        Rodrigo Barbosa -  A.K.A. morcego       */
 /* rodrigob () conectiva com br - Conectiva R&D Team */
 /*      "Quis custodiet custodias?" - Juvenal     */

Attachment: _bin
Description:

Current thread:

BUG IN ALL PROFTP 1.2 VERSIONS ALSO RC1 Carlos Eduardo Gorges (Jul 25)
- Re: BUG IN ALL PROFTP 1.2 VERSIONS ALSO RC1 Daniel Jacobowitz (Jul 26)
- Re: BUG IN ALL PROFTP 1.2 VERSIONS ALSO RC1 Rodrigo Barbosa (aka morcego) (Jul 26)
- Re: BUG IN ALL PROFTP 1.2 VERSIONS ALSO RC1 Nic Bellamy (Jul 26)
  - Re: BUG IN ALL PROFTP 1.2 VERSIONS ALSO RC1 MacGyver (Jul 27)