Date: Wed, 27 Aug 1997 10:09:28 -0400 (EDT) From: ENERGiZER <energizr@mail.webspan.net> To: freebsd-bugs@FreeBSD.ORG Cc: energizr@webspan.net Subject: another ftpd bug (denial of service attack by stealing CPU) Message-ID: <Pine.BSF.3.95.970827094104.10914A-100000@orion.webspan.net> In-Reply-To: <199708151242.IAA29995@station1.firehouse.net>
next in thread | previous in thread | raw e-mail | index | archive | help
hi, i reported this bug to BSDI weeks ago. according to the developer i spoke to the afffects this attack had on FreeBSD was worse than BSDI. strictly, this is not a FreeBSD bug but a problem with the ftpd bundled with FreeBSD. Hopefully you can get them to fix this as soon as possible, I'm thinking of putting this one on my web page in a few weeks. here's the bug... Description: ftp into a site (either anonymous or as a user), execute nlist ../*/../*/../*/../*/../*/../*/../*/../*/../* etc... as many ../*'s as you can do and exit (kill ftp). You will leave a process running that will take all of the CPU available. Multiples are able to be started and eventually, I guess could lead to resource exhaustion. Effects: Since ftpd is executed as root on FreeBSD there is no limit to the amount of resources ftpd can take up. When i tried this on my FreeBSD 2.2.x box it ran out of swap (used over 256meg) and processor usage on that process shot up to 99.22%. what this command actually does is create a huge looping directory listing, so i guess ftpd tries to allocate memory for this listing but its very big =) hope you can get this one fixed, i reckon it will work on nearly all (if not all) unix ftpd's. I hope this is of some help, ENER.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970827094104.10914A-100000>