[cobalt-users] ProFTP DoS
- Subject: [cobalt-users] ProFTP DoS
- From: "Per Magne Knutsen" <pknutsen@xxxxxxxxx>
- Date: Thu Dec 21 07:25:01 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
This posting comes from BugTraq. All known versions of ProFTPD are
vulnerable.
WP> Proftpd has memory leakage bug if it executes SIZE FTP command.
WP> Using 5000 SIZE commands causes proftpd to consume over 300kB of
WP> memory.
WP> Exploiting this bug with more SIZE commands gives us simple DoS attack.
WP> Anonymous access is sufficient to use SIZE commands and to exploit this
WP> bug.
Every day, my log files are crammed with scans for anonymous access. Code
for exploiting the above vulnerability is already publicly available.
Workarounds:
1) Disable anonymous access (good idea anyway)
2) Disable SIZE command in /etc/proftpd.conf

   <Limit SIZE>
     Deny All
   </Limit>
Med vennlig hilsen / Yours Sincerely,
Per Magne Knutsen
NetHut.no
http://www.nethut.no
mailto: pknutsen@xxxxxxxxxx
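
Added example, not part of the original post: a small Python check that reads a proftpd.conf and reports whether the two workarounds above are in place. The function name `audit` and both sample configurations are constructed for illustration; it assumes a single file and only counts a `<Limit SIZE>` block at server level or inside `<Global>`.

```python
import re

# Constructed sample configs (not taken from any real server).
VULNERABLE_CONF = """\
ServerName "example"
<Anonymous ~ftp>
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
"""

HARDENED_CONF = """\
ServerName "example"
<Limit SIZE>
  Deny All
</Limit>
"""

OPEN = re.compile(r"<\s*(\w+)([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")
DENY = re.compile(r"(denyall|deny\s+(from\s+)?all)\s*$", re.I)

def audit(conf_text):
    """Report which of the two workarounds a proftpd.conf text applies."""
    # Assumption: Include'd files are not followed; only this text is read.
    stack = []            # open sections as (name, args), innermost last
    anonymous = False
    size_denied = False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        if CLOSE.fullmatch(line):
            del stack[-1:]                    # safe on an empty stack
            continue
        m = OPEN.fullmatch(line)
        if m:
            name = m.group(1).lower()
            stack.append((name, m.group(2).upper().split()))
            anonymous = anonymous or name == "anonymous"
            continue
        if DENY.match(line) and stack:
            name, args = stack[-1]
            outer = {n for n, _ in stack[:-1]}
            # A SIZE limit nested in <Anonymous>/<Directory> is not server-wide.
            if name == "limit" and "SIZE" in args and outer <= {"global"}:
                size_denied = True
    return {"anonymous_enabled": anonymous, "size_denied": size_denied}
```

Call it as `audit(open("/etc/proftpd.conf").read())`; a result with `anonymous_enabled` true and `size_denied` false means neither workaround is applied.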