
Re: [cobalt-users] ProFTP DoS



> This posting comes from BugTraq. All known versions of ProFTPD are
> vulnerable.
>
> WP> Proftpd has memory leakage bug if it executes SIZE FTP command.
> WP> Using 5000 SIZE commands causes proftpd to consume over 300kB of
> WP> memory.
> WP> Exploiting this bug with more SIZE commands gives us simple DoS
> WP> attack.
> WP> Anonymous access is sufficient to use SIZE commands and to exploit
> WP> this bug.
>
> Every day, my log files are crammed with scans for anonymous access. Code
> for exploiting the above vulnerability is already publicly available.
>
> Workarounds:
>
> 1) Disable anonymous access (good idea anyway)
> 2) Disable SIZE command in /etc/proftpd.conf
>
>         <Limit SIZE>
>                Deny All
>         </Limit>

Umm, you should have read the archives of the ProFTPD lists before posting
this and potentially alarming a great number of people.

This is an isolated case at this point.  One person claims to have found a
memory leak.  Others have tried hard to reproduce the problem w/o *ANY*
success.  When confronted, the finder of this so-called "bug" refused to
provide sufficient information to substantiate their claim.

To the ProFTPD maintainers, this bug doesn't actually exist since it cannot
be reproduced.

Read the thread for yourselves at:
http://www.proftpd.org/proftpd-l-archive/00-12/msg00449.html


--
Brian Curtis
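An added check, written for this page and not part of either message above or of ProFTPD itself: a small Python probe that logs in anonymously and confirms that SIZE is refused, which is the observable effect the quoted `<Limit SIZE> Deny All` workaround should have. The fake FTP server, its canned replies and the probe path `README` are constructed here so the script runs offline; point `anonymous_size_denied` at a real host and port to test an actual server.

```python
import socket
import threading
from ftplib import FTP, error_perm, error_temp


def anonymous_size_denied(host, port, path="README", timeout=5.0):
    """Log in anonymously and issue one SIZE command.

    Returns (denied, reply). denied is True when the server answers SIZE
    with a 4xx/5xx code, which is what a working "<Limit SIZE> Deny All"
    produces; it is False when the server answers 2xx (e.g. "213 4096").
    Caveat: a 550 for a file that does not exist looks the same by code
    alone, so probe with a path you know is readable and read the reply.
    If anonymous login itself is refused (workaround 1 in the quoted
    message), the 530 propagates out of this function as error_perm.
    """
    ftp = FTP()
    ftp.connect(host, port, timeout=timeout)
    try:
        ftp.login("anonymous", "probe@example.com")  # assumed e-mail; any works
        try:
            reply = ftp.sendcmd("SIZE " + path)  # 2xx/3xx returned, 4xx/5xx raise
        except (error_perm, error_temp) as exc:
            return True, str(exc)
        return False, reply
    finally:
        try:
            ftp.quit()
        except Exception:
            ftp.close()


class FakeFtpServer(threading.Thread):
    """Single-connection stand-in for an FTP daemon, constructed for this
    example so it runs offline. Only USER/PASS/SIZE/QUIT are handled;
    size_reply is the canned answer returned for SIZE."""

    def __init__(self, size_reply):
        super().__init__(daemon=True)
        self.size_reply = size_reply
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.bind(("127.0.0.1", 0))  # loopback, kernel-chosen port
        self.listener.listen(1)
        self.port = self.listener.getsockname()[1]

    def run(self):
        conn, _ = self.listener.accept()
        self.listener.close()
        with conn, conn.makefile("r", encoding="ascii") as rfile:
            conn.sendall(b"220 fake server ready\r\n")
            for line in rfile:
                verb = line.strip().split(" ", 1)[0].upper()
                if verb == "USER":
                    reply = "331 Anonymous login ok, send your e-mail as password"
                elif verb == "PASS":
                    reply = "230 Anonymous access granted"
                elif verb == "SIZE":
                    reply = self.size_reply
                elif verb == "QUIT":
                    conn.sendall(b"221 Goodbye\r\n")
                    return
                else:
                    reply = "502 Command not implemented"
                conn.sendall(reply.encode("ascii") + b"\r\n")


def probe_against_fake_server(size_reply):
    """Start a fake server that answers SIZE with size_reply, probe it,
    and return what anonymous_size_denied reported."""
    server = FakeFtpServer(size_reply)
    server.start()
    result = anonymous_size_denied("127.0.0.1", server.port)
    server.join(timeout=5)
    return result


if __name__ == "__main__":
    # Constructed replies: the first mimics a server with the Limit in
    # place, the second an unrestricted server reporting a 4096-byte file.
    for canned in ("550 SIZE: Operation not permitted", "213 4096"):
        denied, reply = probe_against_fake_server(canned)
        print(f"{canned!r:40} -> denied={denied} ({reply})")
```

The probe deliberately keys on the reply class rather than on ProFTPD's exact wording, since the text of a Limit denial is not something this thread pins down; the reply string is returned so you can compare it against a known-missing file and make sure you are seeing the Limit, not a lookup failure.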