Date: Mon, 2 Oct 2000 16:05:00 -0500 (CDT)
From: James Wyatt <jwyatt@rwsystems.net>
To: Brett Glass <brett@lariat.org>
Cc: Alex Charalabidis <alex@wnm.net>, "Chris D . Faulhaber" <jedgar@fxp.org>, security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID: <Pine.BSF.4.10.10010021601340.43354-100000@bsdie.rwsystems.net>
In-Reply-To: <4.3.2.7.2.20001002125825.00de8f00@localhost>
On Mon, 2 Oct 2000, Brett Glass wrote:
> At 12:51 PM 10/2/2000, Alex Charalabidis wrote:
> >Yes it does. It was posted to bugtraq as a proftpd bug on 25 Jul 00 by
> >Carlos Eduardo Gorges <carlos@VT.COM.BR>. I confirmed the bug existed on
> >our 6.00LS too (and promptly forgot :P). As far as I know, there have been
> >no exploits and it's not even a DoS since the parent process is
> >unaffected. The default FreeBSD ftp client crashes before the server
> >process does, so you can only see the problem with a client on a different
> >OS (oddly enough, the MS-DOS 7 client seems to be the only one that
> >creates no problems at all).
>
> Interesting. It appears that my earlier tests were not conclusive because
> there were problems in both the server AND the client. Thank you for
> pointing this out!

There are no survivors... (^_^)

> Let's try testing the server with the MS-DOS 7 client, so that any problems
> with the FreeBSD FTP client are not a factor.
>
> I am now using the MS-DOS 7 client and connecting to a FreeBSD 4.1+ server
> (running FreeBSD 4.1-20000916-STABLE). Here's what I see from the client side:
>
> ftp> quote %s%s%s%s%s
> 500 '+H|X++_YX++|¶QUOTE %s%s%s%s%s(null)%s%s%s%s%s': command not understood.
>
> This means that while the FreeBSD FTP client crashed (and generated the segfault
> message), the server did not crash. However, there's still junk in the message
> sent back by the server, which indicates that I may be getting at the stack
> here.

Let me get this straight: A DOS executable survived better than a FreeBSD
one? It also let you hurt the server more? Thanks for testing folks. Does
everyone see the irony in this or is it just me? - Jy@
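The following is an added example, not code from this thread or from FreeBSD's ftpd. It assumes the junk in the 500 reply comes from client-supplied text reaching a printf-style format argument (the thread does not show the server source), and shows a reply builder that keeps the format fixed so the command is echoed as data; `build_reply` and `reply_unknown_command` are hypothetical names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply builder (not ftpd's code). The format attribute lets
 * GCC/Clang check every caller under -Wformat -Wformat-security, so a call
 * that passes a non-literal string as fmt is flagged at build time. */
#if defined(__GNUC__)
__attribute__((format(printf, 4, 5)))
#endif
static int build_reply(char *out, size_t outlen, int code, const char *fmt, ...)
{
    va_list ap;
    int n, m;

    if (outlen == 0)
        return -1;
    n = snprintf(out, outlen, "%d ", code);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    va_start(ap, fmt);
    m = vsnprintf(out + n, outlen - (size_t)n, fmt, ap);
    va_end(ap);
    if (m < 0 || (size_t)m >= outlen - (size_t)n)
        return -1;              /* truncated: do not send a partial reply */
    return n + m;
}

/* Unsafe pattern, shown only as a comment:
 *     build_reply(out, outlen, 500, cmd);
 * Here the client's text is the format, so each directive in it consumes
 * an argument that was never passed. */

/* Safe pattern: the format is a literal, the client text is an argument. */
int reply_unknown_command(char *out, size_t outlen, const char *cmd)
{
    return build_reply(out, outlen, 500, "'%s': command not understood.", cmd);
}

int main(void)
{
    char buf[128];
    /* Constructed input: the string typed after "quote" in the thread. */
    if (reply_unknown_command(buf, sizeof buf, "%s%s%s%s%s") > 0)
        puts(buf);
    return 0;
}
```

With the fixed format the reply contains the command text verbatim and nothing else, which is the property to check for when auditing other reply, syslog, or setproctitle-style call sites.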
