Bugtraq mailing list archives
Memory leakage in proftpd leads to remote DoS
From: Wojciech Purczynski <wp () ELZABSOFT PL>
Date: Tue, 19 Dec 2000 14:58:03 +0100
Hello, Proftpd has memory leakage bug if it executes SIZE FTP command. Using 5000 SIZE commands causes proftpd to consume over 300kB of memory. Exploiting this bug with more SIZE commands gives us simple DoS attack. Anonymous access is sufficient to use SIZE commands and to exploit this bug. I've tested on proftd-1.2.0rc2 and people confirmed that this bug exist in the latest CVS version. I had no time to look at the code so no patch is currently available. Developers have just been informed. Cheers, wp +--------------------------------------------------------------------+ | Wojciech Purczynski wp () elzabsoft pl http://www.elzabsoft.pl/~wp | | GSM: +48604432981 Linux Administrator SMS: wp-sms () elzabsoft pl | +------ Public GnuPG Key: http://www.elzabsoft.pl/~wp/gpg.asc ------+
Current thread:
- Memory leakage in proftpd leads to remote DoS Wojciech Purczynski (Dec 19)
- Re: Memory leakage in proftpd leads to remote DoS Dmitry Alyabyev (Dec 20)
- Re: Memory leakage in proftpd leads to remote DoS tj (Dec 20)
- Re: Memory leakage in proftpd leads to remote DoS Wojciech Purczynski (Dec 22)
- Re: Memory leakage in proftpd leads to remote DoS Rodrigo Barbosa (aka morcego) (Dec 24)
- Re: Memory leakage in proftpd leads to remote DoS Wojciech Purczynski (Dec 22)