[18251] in bugtraq
Re: Memory leakage in proftpd leads to remote DoS
daemon@ATHENA.MIT.EDU (tj@RAD.GEOLOGY.WASHINGTON.EDU)
Wed Dec 20 23:56:55 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.21.0012201146050.26013-100000@rad.geology.washington.edu>
Date: Wed, 20 Dec 2000 11:48:06 -0800
Reply-To: tj@RAD.GEOLOGY.WASHINGTON.EDU
From: tj@RAD.GEOLOGY.WASHINGTON.EDU
X-To: Wojciech Purczynski <wp@ELZABSOFT.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.30.0012191428370.13265-100000@alfa.elzabsoft.pl>
> I've tested on proftd-1.2.0rc2 and people confirmed that this bug exist in
> the latest CVS version.
>
> I had no time to look at the code so no patch is currently available.
> Developers have just been informed.
>
> +--------------------------------------------------------------------+
> | Wojciech Purczynski wp@elzabsoft.pl http://www.elzabsoft.pl/~wp |
> | GSM: +48604432981 Linux Administrator SMS: wp-sms@elzabsoft.pl |
> +------ Public GnuPG Key: http://www.elzabsoft.pl/~wp/gpg.asc ------+
The developers of proftpd have tried to confirm this bug, using scripts to
issue the SIZE command for hundred thousands of iterations, and failed to
verify that it does indeed exist.
Versions of proftpd tested: pre10, rc1, rc2, and CVS. All failed to show
symptoms of this memory leak.
----------------------------------------------------------------------------
TJ Saunders tj@rad.geology.washington.edu
System Administrator Phone: (206) 685-8266
Remote Sensing Lab Fax: (206) 685-2379
University of Washington
----------------------------------------------------------------------------
