Bugtraq mailing list archives

Re: Multiple vendors FTP denial of service


From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Date: Mon, 19 Mar 2001 10:24:43 -0700

From: Ron DuFresne <dufresne () winternet com>

Regarding tftpd, is it as I suspect, subject to many of the same
exploitations as ftpd, remotely exploitable buffer overflows and all the
other sweet little nasties recently being documented?


From: Shane Youhouse <Shane.Youhouse () goodmanmfg com>

Neither was glftpd
And I have found nothing better since first using it.


From: Jay DeSotel <jay () jay interl net>

I'm running BeroFTPD-1.3.4, and it does not seem to affect it at all, I
tried different variations of the string and still nothing....


From: paul () anastrophe com

FYI, I've just tested my own installations of the commercial NcFTPd package,
and it is not vulnerable to this attack so far as I can tell. If someone
wants to whang on my server, have at it, ftp.anastrophe.com, though I'd
appreciate an email ahead of time as a courtesy.


From: Laurent LEVIER <llevier () argosnet com>

The FTP daemon provided on Solaris 8 is also vulnerable


From: "Gregory A Lundberg" <lundberg () vr net>

Anyone using _any_ version of BeroFTPD has worse problems than this and
should immediately upgrade to the current version: WU-FTPD 2.6.1.


From: Carlos Morgado <chbm () cprm net>

In fact, the code is inherited from troll tech's ftpd (which means troll
ftpd is vulnerable) and not written by the Jedi fella.


From: "Thomas Maxwell" <tom () davis-eng on ca>

I've encountered another issue with ProFTPD 1.2.0rc3.
Upon running:
ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
The system would sit in an idle standpoint for an extended period
of time only to be
cancelled by myself.

Upon speaking with the target of the attack his system had all
system resources consumed and
was forced to reboot.

Filesystem is Linux 2.2.x
Fileserver is ProFTPD 1.2.0rc3


From: "Matus \"fantomas\" Uhlar" <uhlar () fantomas sk>

well,
proftpd 1.2.1 IS vulnerable to this problem on FreeBSD-4.2 on intel
proftpd 1.2.1 IS vulnerable to this problem on FreeBSD-4.2 on alpha
proftpd 1.2.0 IS vulnerable to this problem on FreeBSD-4.2 on alpha


From: "Dan Harkless" <dan-bugtraq () dilvish speed net>

Note that one _shouldn't_ look on <http://www.proftpd.net/>, a "mistake" I
made.  <http://www.proftpd.org/> used to redirect to .net, so I thought .net
was the canonical URL.

Looks like the two servers split on February 10, however, and proftpd.net's
"News" and "Critical Bugs" pages make no mention of this vulnerability.
Take note, y'all...


From: "Dino Amato" <slayer67 () apk net>

on RedHat 7.0 w/wuftp, this is what I get with this:
226 Transfer complete.
ftp: 91 bytes received in 0.00Seconds 91000.00Kbytes/sec.
ftp> ls .*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/
200 PORT command successful.
550 No files found.
ftp> ls */.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/
200 PORT command successful.
550 */.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*: No such
file or directory.
ftp>


From: Liviu Sas <liviu () bv ro>

Looks like bash 2.04.0(1)-release on linux, and older are also vulnerable
to this bug ...
a `ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*` command
makes bash eat all memory and cpu available making the machine crash.


From: Arnt Gulbrandsen <arnt () trolltech com>

Troll-ftpd has been secure against "*/../*" since last time it was
mentioned on bugtraq, but it is not secure against variants like
"*/..*/*". I do not have a fix for this right now, but expect a fix soon.
I have to think a little. (I don't want any complex or feature-rich code.)

FYI, there won't be any more releases of troll-ftpd, except in cases of
security problems.
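The thread's common theme is that a glob pattern of a few dozen bytes can make a server expand an exponential number of paths, and Arnt's note shows why a fix that only looks for the literal `*/../*` is incomplete. The following is an added example, not code from troll-ftpd, WU-FTPD, ProFTPD or any other daemon named above: a pre-expansion check that rejects a pattern on the basis of the string alone, before any directory is read. The two limits (`MAX_WILDCARD_SEGMENTS`, `MAX_METACHARS`) are assumed values chosen for illustration, and the rule that `..` may never be combined with a wildcard in the same pattern is a policy choice of this example, which also covers variants such as `*/..*/*`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Policy limits for this example. The values are assumptions chosen for
 * illustration, not the limits of any daemon named in the thread. */
#define MAX_WILDCARD_SEGMENTS 3   /* path components that contain a metachar */
#define MAX_METACHARS 8           /* total '*', '?' and '[' in the pattern   */

typedef enum {
    GLOB_OK = 0,
    GLOB_DOTDOT_WITH_WILDCARD,      /* ".." combined with any wildcard       */
    GLOB_TOO_MANY_METACHARS,
    GLOB_TOO_MANY_WILDCARD_SEGMENTS
} glob_verdict;

/* Inspect one path component: count its metacharacters and report whether
 * it contains "..". A bare ".." and an embedded ".." (as in "..*") are
 * treated alike, because both let each wildcard level re-enter the parent
 * directory and multiply the matches of the level before it. */
static void inspect_segment(const char *seg, size_t n,
                            size_t *meta, bool *dotdot)
{
    for (size_t i = 0; i < n; i++) {
        if (seg[i] == '*' || seg[i] == '?' || seg[i] == '[')
            (*meta)++;
        if (seg[i] == '.' && i + 1 < n && seg[i + 1] == '.')
            *dotdot = true;
    }
}

/* Decide whether PATTERN may be handed to the glob expander. This runs on
 * the string alone, so it costs O(length) and touches no directories. */
glob_verdict check_glob_pattern(const char *pattern)
{
    size_t total_meta = 0, wild_segments = 0;
    bool saw_dotdot = false;
    const char *p = pattern;

    while (*p != '\0') {
        const char *seg = p;
        while (*p != '\0' && *p != '/')
            p++;
        size_t n = (size_t)(p - seg);
        if (n > 0) {
            size_t seg_meta = 0;
            inspect_segment(seg, n, &seg_meta, &saw_dotdot);
            total_meta += seg_meta;
            if (seg_meta > 0)
                wild_segments++;
        }
        if (*p == '/')
            p++;                    /* skip the separator */
    }

    if (saw_dotdot && wild_segments > 0)
        return GLOB_DOTDOT_WITH_WILDCARD;
    if (total_meta > MAX_METACHARS)
        return GLOB_TOO_MANY_METACHARS;
    if (wild_segments > MAX_WILDCARD_SEGMENTS)
        return GLOB_TOO_MANY_WILDCARD_SEGMENTS;
    return GLOB_OK;
}

const char *glob_verdict_name(glob_verdict v)
{
    switch (v) {
    case GLOB_OK:                        return "ok";
    case GLOB_DOTDOT_WITH_WILDCARD:      return "rejected: '..' with wildcard";
    case GLOB_TOO_MANY_METACHARS:        return "rejected: too many metacharacters";
    case GLOB_TOO_MANY_WILDCARD_SEGMENTS:return "rejected: too many wildcard segments";
    }
    return "unknown";
}

int main(void)
{
    /* Patterns quoted in the thread plus two ordinary ones (constructed). */
    const char *samples[] = {
        "*.txt",
        "src/*/*.c",
        "*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*",
        "*/..*/*",
        ".*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/",
        "*/*/*/*/*",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-64s -> %s\n", samples[i],
               glob_verdict_name(check_glob_pattern(samples[i])));
    return 0;
}
```

The check deliberately does not attempt to estimate expansion cost by walking the filesystem: the point is to refuse the request before the expander does any work. A server adopting something like this would call `check_glob_pattern()` on the argument of `LIST`/`NLST` and answer with a 5xx reply on rejection; the limits are tuning knobs, and a low wildcard-segment budget is what actually bounds the depth of the expansion.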

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

