[18344] in bugtraq
Re: Memory leakage in proftpd leads to remote DoS
daemon@ATHENA.MIT.EDU (Rodrigo Barbosa (aka morcego))
Sun Dec 24 19:35:46 2000
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="APlYHCtpeOhspHkB"
Content-Disposition: inline
Message-ID: <20001222180703.M10623@conectiva.com.br>
Date: Fri, 22 Dec 2000 18:07:03 -0200
Reply-To: "Rodrigo Barbosa (aka morcego)" <rodrigob@CONECTIVA.COM.BR>
From: "Rodrigo Barbosa (aka morcego)" <rodrigob@CONECTIVA.COM.BR>
X-To: Wojciech Purczynski <wp@ELZABSOFT.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.30.0012221339240.22766-100000@alfa.elzabsoft.pl>;
from wp@ELZABSOFT.PL on Fri, Dec 22, 2000 at 01:53:01PM +0100
--APlYHCtpeOhspHkB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Dec 22, 2000 at 01:53:01PM +0100, Wojciech Purczynski wrote:
> > The developers of proftpd have tried to confirm this bug, using scripts=
to
> > issue the SIZE command for hundred thousands of iterations, and failed =
to
> > verify that it does indeed exist.
> >
> > Versions of proftpd tested: pre10, rc1, rc2, and CVS. All failed to sh=
ow
> > symptoms of this memory leak.
>=20
> I've investigated the problem a little bit more and it seems that this
> memory leakage really _exist_ but only if proftpd runs in INETD mode.
>=20
> If proftpd works as standalone daemon it works fine and does not consume
> system memory.
I'll not repeat here all we said and discussed before. If anyone want
any further information on this, please refer to
http://bugs.proftpd.net/show_bug.cgi?id=3D408
The official position is: this bug does not exist.
No one every showed us any way we could reproduce it. All reports only
showed lack of compreension and misguidance.
Tkx
--=20
Rodrigo Barbosa (morcego) - rodrigob at conectiva.com.br
Conectiva R&D Team - http://distro.conectiva.com.br
"Quis custodiet custodes?" - http://www.conectiva.com
--APlYHCtpeOhspHkB
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6Q7Rnn5NdOMMM/nERArQkAJsEuC78FNRixp02oznIXJeuzP4lIACfWqZ6
ug66NE6M8oULsp9c5ueVC20=
=MTTH
-----END PGP SIGNATURE-----
--APlYHCtpeOhspHkB--
