Bugtraq mailing list archives
Re: ProFTPD 1.2.0 Memory leakage - denial of service
From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Thu, 21 Dec 2000 17:29:43 +0100
On Wed, 20 Dec 2000, Piotr Zurawski wrote:
This is sample code to demonstrate effects of memory leak in ProFTPD daemon. As far as I know all available versions up to date (19.12.2000) are vulnerable to this.
Heheh....

    for(loop=0;loop<HOWMANY;loop++) {
        sprintf(snd, "SIZE /dadasjasojdasj/adhjaodhahasohasaoihroaha");
        write(fd, snd, strlen(snd));
    }

You are not sending newline characters at the end of each line. In fact, you are sending a really huge one-line command (this line will be broken into separate lines on the other side, but only the first line will start with the "SIZE ..." command in most cases).

Btw. you might want to test such code against other services, IIRC some services are vulnerable to very-long-input-line DoS (by memory exhaustion) as long as they are not implementing reasonable timeouts and limits.

--
_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
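Added example, not part of the original post and not ProFTPD's code: a fixed-buffer command reader that applies the kind of input-line limit the reply mentions, so an unterminated line cannot make memory use grow (timeouts are not shown). `MAX_CMD`, `struct cmd_reader`, the function names and the sample input are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_CMD 512   /* assumed cap: bytes allowed before '\n', CR included */

struct cmd_reader {
    char     buf[MAX_CMD + 1];  /* fixed size, so memory cannot grow with input */
    char     last[MAX_CMD + 1]; /* most recent accepted line */
    size_t   len;               /* bytes of the current line held in buf */
    int      overflow;          /* current line is over the cap: drop to '\n' */
    unsigned accepted, rejected;
};

void cmd_reader_init(struct cmd_reader *r) { memset(r, 0, sizeof *r); }

/* Feed one chunk as read from the socket; returns lines accepted from it. */
unsigned cmd_reader_feed(struct cmd_reader *r, const char *data, size_t n) {
    unsigned got = 0;
    for (size_t i = 0; i < n; i++) {
        if (data[i] == '\n') {
            if (r->overflow) {
                r->rejected++;              /* whole oversized line is dropped */
            } else {
                if (r->len && r->buf[r->len - 1] == '\r') r->len--;
                r->buf[r->len] = '\0';
                memcpy(r->last, r->buf, r->len + 1);
                r->accepted++; got++;
            }
            r->len = 0; r->overflow = 0;
        } else if (!r->overflow) {
            if (r->len == MAX_CMD) r->overflow = 1;   /* stop storing bytes */
            else r->buf[r->len++] = data[i];
        }
    }
    return got;
}

/* Constructed input: one command repeated with no newline, then "\r\nNOOP\r\n". */
unsigned demo(struct cmd_reader *r, int repeats) {
    static const char piece[] = "SIZE /constructed/sample/path";
    cmd_reader_init(r);
    for (int i = 0; i < repeats; i++) cmd_reader_feed(r, piece, sizeof piece - 1);
    cmd_reader_feed(r, "\r\nNOOP\r\n", 8);
    return r->accepted;
}

int main(void) {
    struct cmd_reader r;
    printf("accepted=%u", demo(&r, 1000));
    printf(" rejected=%u last=%s\n", r.rejected, r.last);
}
```

A server using this would reply with a syntax error for each rejected line and pair the cap with an idle timeout, the other control named in the reply.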
Current thread:
- ProFTPD 1.2.0 Memory leakage - denial of service Piotr Zurawski (Dec 20)
- Re: ProFTPD 1.2.0 Memory leakage - denial of service Michal Zalewski (Dec 21)