Bugtraq mailing list archives

ProFTPD 1.2.0 Memory leakage - denial of service


From: Piotr Zurawski <szur () IX RENET PL>
Date: Wed, 20 Dec 2000 16:38:54 +0100

  This is sample code to demonstrate the effects of a memory leak in the
ProFTPD daemon. As far as I know, all versions available to date
(19.12.2000) are vulnerable to this.

  This bug is not dangerous if you run one instance of the included code.
But wonder what will happen if someone runs about 20 sessions...
Wojciech Purczynski reported that the memory leak also exists when other
FTP commands are invoked (e.g. STAT).
  Of course, the daemon will consume only as much as is defined in the limits
of the user the daemon runs as. If you use setrlimit() in the source, PAM, or
ulimit before you start the daemon, this probably won't hurt so much.



--
Piotr Zurawski [fb]
szur () ix renet pl

Attachment: dos.c
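
The resource-limit mitigation mentioned in the message, as an added example that is not part of the original post, its attachment, or ProFTPD's code: a child process stands in for a leaking daemon, its address space is capped with setrlimit(RLIMIT_AS), and the leak stops when malloc() fails at the cap. The function name leak_under_cap, the 1 MiB leak step and the 64 MiB cap are assumptions chosen for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/resource.h>
#include <sys/wait.h>

#define MIB (1024L * 1024L)   /* constructed: the simulated leak grows 1 MiB at a time */

/* Fork a child, cap its address space at cap_mib MiB with setrlimit(RLIMIT_AS),
 * then leak 1 MiB blocks in it until malloc() fails. Returns how many MiB the
 * child leaked before hitting the cap, or -1 on error. */
long leak_under_cap(long cap_mib)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* child: stands in for the daemon */
        struct rlimit rl;
        rl.rlim_cur = rl.rlim_max = (rlim_t)(cap_mib * MIB);
        close(fds[0]);
        if (setrlimit(RLIMIT_AS, &rl) != 0) _exit(2);
        long leaked = 0;
        for (;;) {
            char *p = malloc(MIB);           /* never freed: the leak */
            if (p == NULL) break;            /* the limit stops the growth here */
            memset(p, 0xAA, MIB);            /* touch the pages so they are really used */
            leaked++;
        }
        if (write(fds[1], &leaked, sizeof leaked) != (ssize_t)sizeof leaked) _exit(3);
        _exit(0);
    }
    close(fds[1]);                           /* parent: collect the result */
    long leaked = -1;
    ssize_t n = read(fds[0], &leaked, sizeof leaked);
    int status = 0;
    close(fds[0]);
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (n != (ssize_t)sizeof leaked || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return leaked;
}

int main(void) {
    long cap = 64;                           /* assumed cap, in MiB */
    long got = leak_under_cap(cap);
    printf("cap %ld MiB: child leaked %ld MiB before malloc() failed\n", cap, got);
    return (got > 0 && got < cap) ? 0 : 1;
}
```

The shell equivalent is `ulimit -v` (value in KiB) run before starting the daemon.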