Date: Mon, 2 Oct 2000 16:05:00 -0500 (CDT)
From: James Wyatt <jwyatt@rwsystems.net>
To: Brett Glass <brett@lariat.org>
Cc: Alex Charalabidis <alex@wnm.net>, "Chris D . Faulhaber" <jedgar@fxp.org>, security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID: <Pine.BSF.4.10.10010021601340.43354-100000@bsdie.rwsystems.net>
In-Reply-To: <4.3.2.7.2.20001002125825.00de8f00@localhost>

On Mon, 2 Oct 2000, Brett Glass wrote:
> At 12:51 PM 10/2/2000, Alex Charalabidis wrote:
> >Yes it does. It was posted to bugtraq as a proftpd bug on 25 Jul 00 by
> >Carlos Eduardo Gorges <carlos@VT.COM.BR>. I confirmed the bug existed on
> >our 6.00LS too (and promptly forgot :P). As far as I know, there have been
> >no exploits and it's not even a DoS since the parent process is
> >unaffected. The default FreeBSD ftp client crashes before the server
> >process does, so you can only see the problem with a client on a different
> >OS (oddly enough, the MS-DOS 7 client seems to be the only one that
> >creates no problems at all).
>
> Interesting. It appears that my earlier tests were not conclusive because
> there were problems in both the server AND the client. Thank you for
> pointing this out!

There are no survivors... (^_^)

> Let's try testing the server with the MS-DOS 7 client, so that any problems
> with the FreeBSD FTP client are not a factor.
>
> I am now using the MS-DOS 7 client and connecting to a FreeBSD 4.1+ server
> (running FreeBSD 4.1-20000916-STABLE). Here's what I see from the client side:
>
> ftp> quote %s%s%s%s%s
> 500 '+H|X++_YX++|¶QUOTE %s%s%s%s%s(null)%s%s%s%s%s': command not understood.
>
> This means that while the FreeBSD FTP client crashed (and generated the segfault
> message), the server did not crash. However, there's still junk in the message
> sent back by the server, which indicates that I may be getting at the stack
> here.

Let me get this straight: A DOS executable survived better than a FreeBSD
one? It also let you hurt the server more? Thanks for testing folks. Does
everyone see the irony in this or is it just me? - Jy@
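
The junk and `(null)` in the 500 reply quoted above are what a printf-style reply helper produces when client text reaches it as the format string. The thread does not name the faulty call, so that cause is an assumption here. The C below is an added example, not FreeBSD ftpd source; `reply` and `reply_unknown_command` are hypothetical names. It shows the hardened form of such a reply path, with the unsafe pattern kept as a comment only.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#if defined(__GNUC__)
/* Lets -Wformat / -Wformat-security flag a non-literal format at build time. */
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Hypothetical stand-in for a server's reply helper: writes
 * "<code> <message>\r\n" into out. Returns length, or -1 on truncation. */
static int reply(char *out, size_t outlen, int code, const char *fmt, ...)
    PRINTF_LIKE(4, 5);

static int reply(char *out, size_t outlen, int code, const char *fmt, ...)
{
    va_list ap;
    int n, m;

    n = snprintf(out, outlen, "%d ", code);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    va_start(ap, fmt);
    m = vsnprintf(out + n, outlen - (size_t)n, fmt, ap);
    va_end(ap);
    if (m < 0 || (size_t)m >= outlen - (size_t)n)
        return -1;
    n += m;
    if ((size_t)n + 2 >= outlen)
        return -1;
    memcpy(out + n, "\r\n", 3);          /* CRLF plus terminating NUL */
    return n + 2;
}

/* UNSAFE pattern (comment only, never compiled):
 *     snprintf(msg, sizeof msg, "'%s': command not understood.", cmd);
 *     reply(out, outlen, 500, msg);     <- client bytes become the format
 * Every %s the client sent then consumes an argument that was never passed.
 */

/* Hardened: the format is a fixed literal; client text is passed as data. */
int reply_unknown_command(char *out, size_t outlen, const char *cmd)
{
    return reply(out, outlen, 500, "'%s': command not understood.", cmd);
}
```
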