[15975] in bugtraq
Re: BUG IN ALL PROFTP 1.2 VERSIONS ALSO RC1
daemon@ATHENA.MIT.EDU (Rodrigo Barbosa (aka morcego))
Wed Jul 26 17:10:53 2000
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="jq0ap7NbKX2Kqbes"
Content-Disposition: inline
Message-ID: <20000726112220.B18181@conectiva.com.br>
Date: Wed, 26 Jul 2000 11:22:20 -0400
Reply-To: "Rodrigo Barbosa (aka morcego)" <rodrigob@CONECTIVA.COM.BR>
From: "Rodrigo Barbosa (aka morcego)" <rodrigob@CONECTIVA.COM.BR>
X-To: Carlos Eduardo Gorges <carlos@VT.COM.BR>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <00072516114600.09191@quarks.techlinux>; from carlos@VT.COM.BR on
Tue, Jul 25, 2000 at 04:11:16PM -0300
--jq0ap7NbKX2Kqbes
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Jul 25, 2000 at 04:11:16PM -0300, Carlos Eduardo Gorges wrote:
> Hi all,
>=20
> I found several bugs in all the versions of proftp ( tested in proftp
> 1.2.0pre6, proftp 1.2.0pre10 and proftp 1.2.0rc1 ).
>=20
> All involve parse of characters
> for example,
> connects in a proftpd host and
>=20
> ftp> quote %999s
>=20
> voyala !
> the children stops in segfail : -)
>=20
According to MacGyver, this problem was fixed in the last CVS version.
(CVS access instruction is at www.proftpd.net)
Also, acording to the Proftpd mailing list, this denotates two different
problems.
1st.: FTP Client with problems
When the use did that, the ftp client sent to proftpd a very, very
long blank string, which it should not.
2nd.: Proftpd problem
Proftpd dropped the conection uppon receipt of this long blank
string, core dumping.
A good look at the ftp client used on this test is also a good idea.
References:
[1] Proftpd Home Page -> http://www.proftpd.net/
[2] Proftpd Mailing List -> proftpd@proftpd.net
[3] Proftpd Development Mailing List -> proftpd-devel@proftpd.net
[4] MacGyver -> Proftpd Maintainer
--=20
/* Rodrigo Barbosa - A.K.A. morcego */
/* rodrigob@conectiva.com.br - Conectiva R&D Team */
/* "Quis custodiet custodias?" - Juvenal */
--jq0ap7NbKX2Kqbes
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5fwIsn5NdOMMM/nERAj+1AJ0TtD2r2lusol7MkqINME4S0gEm1ACg23SO
lYakcq4KPioxoplCL2nsYsc=
=gvJ+
-----END PGP SIGNATURE-----
--jq0ap7NbKX2Kqbes--
