Vulnerability Development mailing list archives

RE: Proftpd SIGSEGV


From: "Ryan Yagatich" <ryany () pantek com>
Date: Wed, 2 Jan 2002 15:45:18 -0500

Not sure about anyone else, but I usually try these things with telnet
and/or netcat to make sure.

Test
====
ProFTPD 1.2.4
RedHat          7.1

Not vulnerable
--r

: -----Original Message-----
: From: Nelson Sampaio Araujo Junior [mailto:nelson () lunenetworks com br]
: Sent: Wednesday, January 02, 2002 6:55 AM
: To: Joel F; 'Yaroslav Klyukin'; vuln-dev () securityfocus com
: Subject: Re: Proftpd SIGSEGV
:
:
: I've got an "Out of memory during globbing of /////...../////" on Mandrake 8.1
:
: []s
: Nelson Junior
: nelson () lunenetworks com br
: nelson () LUNE com br
: ----- Original Message -----
: From: "Joel F" <joelf () dunkan net>
: To: "'Yaroslav Klyukin'" <bulldozer () skintwin no-ip com>;
: <vuln-dev () securityfocus com>
: Sent: Monday, December 31, 2001 6:41 PM
: Subject: RE: Proftpd SIGSEGV
:
:
: > Confirmed.  However, this only happens if I use a Linux-based ftp.  If I
: > used the default XP ftp client, it lists the dirs with the //s in front
: > of them, same login, same procedure from other Linux boxes or localhost
: > gives the results you found.
: >
: > -----Original Message-----
: > From: Yaroslav Klyukin [mailto:bulldozer () skintwin no-ip com]
: > Sent: Sunday, December 30, 2001 6:53 AM
: > To: vuln-dev () securityfocus com
: > Subject: Proftpd SIGSEGV
: >
: >
: > I have found some strange things happening with proftpd (I tried 1.2.2
: > and 1.2.4 on different systems).
: >
: > When you issue
: > ls ////////////////////////////////////////////////////////////////////
: >
: > command it will catch SIGSEGV and exit (11)
: >
: > I am not sure if it is already known; I send it just in case.
: >
: > Example:
: >
: >
: > [root@desktop skintwin]# /usr/local/sbin/proftpd
: > [root@desktop skintwin]# ftp localhost
: > Connected to localhost.localdomain.
: > 220 ProFTPD 1.2.4 Server (ProFTPD Default Installation)
: > [desktop.skintwin.no-ip.com]
: > Name (localhost:skintwin):
: > 331 Password required for skintwin.
: > Password:
: > 230 User skintwin logged in.
: > Remote system type is UNIX.
: > Using binary mode to transfer files.
: > ftp> ls
: > ////////////////////////////////////////////////////////////////////////
: > ///////////
: > 227 Entering Passive Mode (127,0,0,1,4,100).
: > 150 Opening ASCII mode data connection for file list
: > 421 Service not available, remote server has closed connection
: > ftp>
: >
: >
: > In log files I have:
: >
: >
: >
: > Dec 30 17:46:27 desktop proftpd[1329]: desktop.skintwin.no-ip.com - ProFTPD 1.2.4 (release) (built Сбт Дек 29 23:27:35 MSK 2001) standalone mode STARTUP
: > Dec 30 17:46:35 desktop proftpd[1331]: desktop.skintwin.no-ip.com (localhost.localdomain[127.0.0.1]) - FTP session opened.
: > Dec 30 17:47:09 desktop proftpd[1331]: desktop.skintwin.no-ip.com (localhost.localdomain[127.0.0.1]) - ProFTPD terminating (signal 11)
: >
: >
: >
: >
: > --
: > Systems admin of skintwin.no-ip.com
: > Visit http://skintwin.no-ip.com:777/
: >
: >
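
A log check for the symptom in the quoted syslog excerpt (a session process that logs "ProFTPD terminating (signal 11)"), added here as an example and not part of the original thread. The log lines are constructed in the format the thread shows; `find_crashed_sessions`, the `year` parameter and the signal table (Linux x86 numbering) are assumptions.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the syslog lines quoted in the thread.
SAMPLE_LOG = """\
Dec 30 17:46:27 desktop proftpd[1329]: desktop.example.net - ProFTPD 1.2.4 (release) standalone mode STARTUP
Dec 30 17:46:35 desktop proftpd[1331]: desktop.example.net (localhost.localdomain[127.0.0.1]) - FTP session opened.
Dec 30 17:47:09 desktop proftpd[1331]: desktop.example.net (localhost.localdomain[127.0.0.1]) - ProFTPD terminating (signal 11)
Dec 30 17:50:02 desktop proftpd[1340]: desktop.example.net (client.example.org[192.0.2.7]) - FTP session opened.
Dec 30 17:52:40 desktop proftpd[1340]: desktop.example.net (client.example.org[192.0.2.7]) - FTP session closed.
"""

# timestamp, syslog host, proftpd[pid], server name, optional (rhost[ip]), message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ proftpd\[(?P<pid>\d+)\]: \S+ "
    r"(?:\((?P<rhost>[^\[\]]*)\[(?P<ip>[^\]]+)\]\) )?- (?P<msg>.*)$"
)
SIGNAL_RE = re.compile(r"ProFTPD terminating \(signal (\d+)\)")
# Signals that indicate a fault rather than an orderly shutdown (assumed set).
CRASH_SIGNALS = {4: "SIGILL", 6: "SIGABRT", 7: "SIGBUS", 8: "SIGFPE", 11: "SIGSEGV"}

def find_crashed_sessions(log_text, year=2001):
    """Return one record per session process that died on a crash signal."""
    opened = {}   # pid -> (client ip, time the session opened)
    crashes = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, msg = int(m["pid"]), m["msg"]
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if msg.startswith("FTP session opened"):
            opened[pid] = (m["ip"], when)
        elif msg.startswith("FTP session closed"):
            opened.pop(pid, None)          # clean exit; PID may be reused later
        sig = SIGNAL_RE.search(msg)
        if sig and int(sig.group(1)) in CRASH_SIGNALS:
            ip, start = opened.pop(pid, (m["ip"], None))
            crashes.append({
                "pid": pid, "client": ip,
                "signal": CRASH_SIGNALS[int(sig.group(1))],
                "seconds_open": int((when - start).total_seconds()) if start else None,
            })
    return crashes

if __name__ == "__main__":
    for crash in find_crashed_sessions(SAMPLE_LOG):
        print(crash)
```

Repeated records for the same client address point to something that client sends triggering the fault, which is the pattern the thread describes.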

