Not sure about anyone else, but i usually try these things with telnet and/or netcat to make sure. Test ==== ProFTPD 1.2.4 RedHat 7.1 Not vulnerable --r : -----Original Message----- : From: Nelson Sampaio Araujo Junior [mailto:nelsonat_private] : Sent: Wednesday, January 02, 2002 6:55 AM : To: Joel F; 'Yaroslav Klyukin'; vuln-devat_private : Subject: Re: Proftpd SIGSEGV : : : I've got an "Out of memory during globbing of /////...../////" on Mandrake : 8.1 : : []s : Nelson Junior : nelsonat_private : nelsonat_private : ----- Original Message ----- : From: "Joel F" <joelfat_private> : To: "'Yaroslav Klyukin'" <bulldozerat_private-ip.com>; : <vuln-devat_private> : Sent: Monday, December 31, 2001 6:41 PM : Subject: RE: Proftpd SIGSEGV : : : > Confirmed. However, this only happens if I use a linux based ftp. If I : > used the default XP ftp client, it lists the dirs with the //s in front : > of them, same login, same procedure from other linux boxes or localhost : > gives the results you found.. : > : > -----Original Message----- : > From: Yaroslav Klyukin [mailto:bulldozerat_private-ip.com] : > Sent: Sunday, December 30, 2001 6:53 AM : > To: vuln-devat_private : > Subject: Proftpd SIGSEGV : > : > : > I have found some strange things happening with proftpd (I tried 1.2.2 : > and 1.2.4. on different systems) : > : > When you issue : > ls //////////////////////////////////////////////////////////////////// : > : > command it will catch SIGSEGV and exit (11) : > : > I am not sure if it is already known, i send it just in case. : > : > Example: : > : > : > [root@desktop skintwin]# /usr/local/sbin/proftpd : > [root@desktop skintwin]# ftp localhost : > Connected to localhost.localdomain. : > 220 ProFTPD 1.2.4 Server (ProFTPD Default Installation) : > [desktop.skintwin.no-ip.com] : > Name (localhost:skintwin): : > 331 Password required for skintwin. : > Password: : > 230 User skintwin logged in. : > Remote system type is UNIX. : > Using binary mode to transfer files. : > ftp> ls : > //////////////////////////////////////////////////////////////////////// : > /////////// : > 227 Entering Passive Mode (127,0,0,1,4,100). : > 150 Opening ASCII mode data connection for file list : > 421 Service not available, remote server has closed connection : > ftp> : > : > : > In log files i have: : > : > : > : > Dec 30 17:46:27 desktop proftpd[1329]: desktop.skintwin.no-ip.com - : > ProFTPD 1.2.4 (release) (built óÂÔ äÅË 29 23:27:35 MSK 2001) standalone : > mode STARTUP : > Dec 30 17:46:35 desktop proftpd[1331]: desktop.skintwin.no-ip.com : > (localhost.localdomain[127.0.0.1]) - FTP session opened. : > Dec 30 17:47:09 desktop proftpd[1331]: desktop.skintwin.no-ip.com : > (localhost.localdomain[127.0.0.1]) - ProFTPD terminating (signal 11) : > : > : > : > : > -- : > Systems admin of skintwin.no-ip.com : > Visit http://skintwin.no-ip.com:777/ : > : >
This archive was generated by hypermail 2b30 : Wed Jan 02 2002 - 21:22:59 PST