[18203] in bugtraq
Memory leakage in proftpd leads to remote DoS
daemon@ATHENA.MIT.EDU (Wojciech Purczynski)
Tue Dec 19 23:39:24 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.30.0012191428370.13265-100000@alfa.elzabsoft.pl>
Date: Tue, 19 Dec 2000 14:58:03 +0100
Reply-To: Wojciech Purczynski <wp@ELZABSOFT.PL>
From: Wojciech Purczynski <wp@ELZABSOFT.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
Hello,
Proftpd has a memory leakage bug if it executes the SIZE FTP command.
Using 5000 SIZE commands causes proftpd to consume over 300kB of memory.
Exploiting this bug with more SIZE commands gives us a simple DoS attack.
Anonymous access is sufficient to use SIZE commands and to exploit this
bug.
I've tested on proftpd-1.2.0rc2 and people confirmed that this bug exists in
the latest CVS version.
I had no time to look at the code so no patch is currently available.
Developers have just been informed.
Cheers,
wp
+--------------------------------------------------------------------+
| Wojciech Purczynski wp@elzabsoft.pl http://www.elzabsoft.pl/~wp |
| GSM: +48604432981 Linux Administrator SMS: wp-sms@elzabsoft.pl |
+------ Public GnuPG Key: http://www.elzabsoft.pl/~wp/gpg.asc ------+
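
An added example, not part of the original post and not ProFTPD code: a log check that flags sessions issuing SIZE at an abnormal rate and estimates the memory they may have leaked. The log line layout, thresholds and function names are assumptions, and the per-command figure is only a rough value derived from the post's numbers (5000 SIZE commands, about 300 kB).

```python
import re
from collections import defaultdict, deque

# Rough leak per SIZE command, derived from the post: ~300 kB over 5000 commands.
LEAK_BYTES_PER_SIZE = 300_000 // 5000

# Assumed (hypothetical) log layout, one FTP command per line:
#   <epoch-seconds> <server-pid> <client-ip> <COMMAND> [argument]
LINE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\S+)\s+([A-Za-z]+)(?:\s+.*)?$")


def find_size_floods(lines, max_per_window=100, window=60):
    """Return sessions that sent more than max_per_window SIZE commands
    within any `window`-second span, with a leak estimate per session."""
    recent = defaultdict(deque)   # (pid, client) -> SIZE timestamps in window
    totals = defaultdict(int)     # (pid, client) -> SIZE commands seen overall
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines that do not fit the layout
        ts, pid, client, cmd = int(m[1]), int(m[2]), m[3], m[4].upper()
        if cmd != "SIZE":
            continue
        key = (pid, client)
        totals[key] += 1
        stamps = recent[key]
        stamps.append(ts)
        while stamps[0] <= ts - window:   # drop timestamps outside the window
            stamps.popleft()
        if len(stamps) > max_per_window:
            flagged.add(key)
    return [
        {"pid": pid, "client": client, "size_commands": totals[(pid, client)],
         "estimated_leak_bytes": totals[(pid, client)] * LEAK_BYTES_PER_SIZE}
        for pid, client in sorted(flagged)
    ]


def sample_log():
    """Constructed sample data: one ordinary session and one SIZE-heavy session."""
    lines = ["977234000 4101 192.0.2.10 USER anonymous",
             "977234001 4101 192.0.2.10 SIZE welcome.msg",
             "977234002 4101 192.0.2.10 RETR welcome.msg"]
    lines += [f"{977234100 + i // 100} 4102 198.51.100.7 SIZE a"
              for i in range(5000)]
    return lines


if __name__ == "__main__":
    for hit in find_size_floods(sample_log()):
        print(hit)
```

The thresholds need tuning against normal client behaviour, since some FTP clients issue SIZE before every transfer.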