Re: ProFTPD 1.2.2rc2 DoS

From: Kurth Bemis (kurthat_private)
Date: Mon Jun 04 2001 - 06:19:31 PDT

Next message: fintler: "Re: Mail bug"

Previous message: Devdas Bhagat: "Re: Mail bug"
In reply to: Daniel: "ProFTPD 1.2.2rc2 DoS"
Next in thread: ma: "Odp: ProFTPD 1.2.2rc2 DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hrm.  I run the same version here...look:

-------------
kurth@trinity:~$ telnet localhost 21
Trying 127.0.0.1...
Connected to trinity.
Escape character is '^]'.
220 ProFTPD 1.2.2rc2 Server (XXXXXXXX.XXXXXXXX.XXX ftp server) [trinity]
pass
503 Login with USER first.
-------------
and in the logs:
-------------
Jun  4 09:11:56 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) -
connected - local  : 127.0.0.1:21
Jun  4 09:11:56 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) -
connected - remote : 127.0.0.1:4055
Jun  4 09:11:56 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - FTP
session opened.
Jun  4 09:11:59 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) -
received: PASS (hidden)
Jun  4 09:12:04 trinity last message repeated 3 times
Jun  4 09:12:07 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) -
received: USER
Jun  4 09:12:07 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) -
received: USER
Jun  4 09:12:09 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) -
received: PASS (hidden)
Jun  4 09:12:09 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) -
received: PASS (hidden)
Jun  4 09:12:10 trinity proftpd[31773]: trinity (trinity[127.0.0.1]) - FTP
session closed.
----------------

On debian you need to configure with a special flag to make proftpd use
the old md5 auth or something or other.  its too early in the morning to
really think. :-)  If it comes to me later in the day I'll post it if
nobody else does.

I think that this problem is unique to your install.

~kurth

Kurth Bemis
Senior Network Admin/Owner: USAExpress.net
Owner: Ozone Computer

http://kurth.hardcrypto.com
PGP Key Avail.
---------------------------------------------------------------------
Uh!.....Uh!.....Uh!....."I'm done with this."...Out the window

On Sun, 3 Jun 2001, Daniel wrote:

>
> I've discovered that ProFTPD 1.2.2rc2 has a bug - each instance of the
> daemon can be crashed remotely:
> This happens when the PASS command is received before the USER command:
> box:~# telnet 127.0.0.1 21
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> 220 ProFTPD 1.2.2rc2 Server (ProFTPD Default Installation) [box.xxx.com]
> pass
> Connection closed by foreign host.
> box:~#
> If you run proftpd -d 5, (debug mode, level 5) in the logs you see:
> box.xxx.com (localhost[127.0.0.1]) - FTP session opened.
> box.xxx.com (localhost[127.0.0.1]) - received: PASS (hidden)
> box.xxx.com (localhost[127.0.0.1]) - ProFTPD terminating (signal 11)
>
>  - Daniel Volozov
>
>
>
>
>

Next message: fintler: "Re: Mail bug"
Previous message: Devdas Bhagat: "Re: Mail bug"
In reply to: Daniel: "ProFTPD 1.2.2rc2 DoS"
Next in thread: ma: "Odp: ProFTPD 1.2.2rc2 DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 12:30:26 PDT