Bugtraq mailing list archives
Re: ProFTPD - Problems in file globbing, gives segmentation fault.
From: Moritz Grimm <gtgbr () gmx net>
Date: Thu, 20 Dec 2001 03:36:35 +0100
Mattias _ wrote:
AFFECTED VERSIONS ================= ProFTPD 1.2.4 ProFTPD 1.2.2rc3 (Others may be affected as well.) SYSTEMS ======= This is tested on Slackware 8. IMPACT ====== The ftpd-child dies with signal 11 (SEGV), but the server stays up. The question is if itÂ’s possible to do something nasty with this!?
I'm running ProFTPD 1.2.2 under OpenBSD 2.8. The following happened when I tried it locally: <snip> Connected to localhost. 220 FTP Server ready. Name (localhost:maxx): 331 Password required for maxx. Password: 230 User maxx logged in. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls //////////////////////////// 500 EPSV not understood. 227 Entering Passive Mode (127,0,0,1,134,172). 150 Opening ASCII mode data connection for file list ^C receive aborted waiting for remote to finish abort. 421 Service not available, remote server has closed connection. </snip> The logs show the following many times: Dec 20 01:27:13 phoenix proftpd in free(): warning: modified (chunk-) pointer. Dec 20 01:27:13 phoenix proftpd in free(): warning: junk pointer, too high to make sense. Dec 20 01:27:13 phoenix proftpd in free(): warning: junk pointer, too low to make sense. Both server and child didn't die. After getting disconnected, the child process was still there and I had to kill -9 it. While it was running, the computer showed symptoms of 100% CPU usage. Everything became pretty slow, but not unusable (no real DoS). After killing the child, everything went back to normal. I wasn't able to remotely reproduce this behavior. Here's what happened when using the Win2000 command line ftp from another box: <snip> 230 Anonymous access granted, restrictions apply. ftp> ls //////////////////////////// 200 PORT command successful. 150 Opening BINARY mode data connection for file list. /////////////////////////////uploads /////////////////////////////welcome.msg /////////////////////////////pub /////////////////////////////tmp 226 Transfer complete. FTP: 148 Bytes empfangen in 0,07Sekunden 2,11KB/s </snip> This time, nothing weird happened. I hope this is of any use for you. Moritz -- _______________________________________________________________________ "They who would give up an essential liberty for temporary security, deserve neither liberty or security" - Benjamin Franklin
Current thread:
- ProFTPD - Problems in file globbing, gives segmentation fault. Mattias _ (Dec 19)
- Re: ProFTPD - Problems in file globbing, gives segmentation fault. Edsel Adap (Dec 19)
- Re: ProFTPD - Problems in file globbing, gives segmentation fault. Rink Springer (Dec 19)
- Re: ProFTPD - Problems in file globbing, gives segmentation fault. Markus Kovero (Dec 19)
- Re: ProFTPD - Problems in file globbing, gives segmentation fault. Przemyslaw Frasunek (Dec 19)
- Re: ProFTPD - Problems in file globbing, gives segmentation fault. Moritz Grimm (Dec 20)
- Re: ProFTPD - Problems in file globbing, gives segmentation fault. Edsel Adap (Dec 19)