[UNIX] ProFTPD File Globbing Problems (////.../)
From: support@securiteam.com
Date: 12/20/01
From: support@securiteam.com To: list@securiteam.com Date: Thu, 20 Dec 2001 09:12:03 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
ProFTPD File Globbing Problems (////.../)
------------------------------------------------------------------------
SUMMARY
A problem in handling file globbing exists in the current version of
ProFTPD 1.2.4. This is very similar to the
<http://www.securiteam.com/unixfocus/6U00V0035Q.html> wu-ftpd bug ("ls ~{")
and occurs when issuing the command: ls /////////// (11 or more '/').
DETAILS
Vulnerable systems:
ProFTPD 1.2.4
ProFTPD 1.2.2rc3
Immune systems:
ProFTPD 1.2.5rc1
Impact:
The ftpd child dies with signal 11 (SEGV), but the server stays up.
A segmentation fault occurs when the server tries to free unallocated
memory with free(); this could be a heap corruption vulnerability. The
SEGV occurs in the file lib/glibc-glob.c, in the function
void globfree (pglob).
Recreate:
Log in as ftp (anonymous) and issue the command:
ftp> ls ///////////
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
421 Service not available, remote server has closed connection
ftp>
And the debug messages read (proftpd -n -d 5):
dispatching PRE_CMD command 'LIST ///////////' to mod_core
dispatching CMD command 'LIST ///////////' to mod_ls
active data connection opened - local : 127.0.0.1:20
active data connection opened - remote : 127.0.0.1:1286
in dir_check_full(): path = '/', fullpath = '/home/ftp/'.
ProFTPD terminating (signal 11)
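As an added illustration from the defender's side (this script is not part of the advisory or of ProFTPD), the following Python scans proftpd debug output like the lines above for LIST/NLST arguments containing a run of 11 or more slashes and pairs each hit with a following "terminating (signal 11)" line, so an operator can spot the trigger and the crash together in a log. The sample log is constructed from the advisory's quoted lines, with one ordinary LIST added for contrast.

```python
import re
from typing import Optional

# Threshold from the advisory: 11 or more '/' in the LIST argument.
SLASH_RUN_THRESHOLD = 11
ELEVEN_SLASHES = "/" * SLASH_RUN_THRESHOLD

# Constructed sample of `proftpd -n -d 5` output, modelled on the advisory's
# quoted debug lines; the first LIST /pub line is added as a benign request.
SAMPLE_DEBUG_LOG = f"""\
dispatching CMD command 'LIST /pub' to mod_ls
dispatching PRE_CMD command 'LIST {ELEVEN_SLASHES}' to mod_core
dispatching CMD command 'LIST {ELEVEN_SLASHES}' to mod_ls
active data connection opened - local : 127.0.0.1:20
active data connection opened - remote : 127.0.0.1:1286
in dir_check_full(): path = '/', fullpath = '/home/ftp/'.
ProFTPD terminating (signal 11)
"""

# Only the CMD dispatch line (not PRE_CMD) so each request is counted once.
CMD_RE = re.compile(
    r"dispatching CMD command '(?P<verb>[A-Z]+)(?: (?P<arg>.*?))?' to (?P<module>\w+)"
)
CRASH_RE = re.compile(r"ProFTPD terminating \(signal 11\)")


def suspicious_glob_arg(arg: Optional[str]) -> bool:
    """True if a directory-listing argument carries a run of >= 11 slashes."""
    if not arg:
        return False
    return any(len(run) >= SLASH_RUN_THRESHOLD for run in re.findall(r"/+", arg))


def scan_debug_log(text: str) -> list:
    """Return one finding per suspicious LIST/NLST, marking whether a crash followed."""
    findings = []
    pending = None  # most recent suspicious command not yet matched to a crash
    for lineno, line in enumerate(text.splitlines(), 1):
        m = CMD_RE.search(line)
        if m and m.group("verb") in ("LIST", "NLST") and suspicious_glob_arg(m.group("arg")):
            pending = {"line": lineno, "command": f"{m.group('verb')} {m.group('arg')}", "crashed": False}
            findings.append(pending)
            continue
        if CRASH_RE.search(line) and pending is not None:
            pending["crashed"] = True  # child died right after the suspicious request
            pending = None
    return findings


if __name__ == "__main__":
    for finding in scan_debug_log(SAMPLE_DEBUG_LOG):
        print(finding)
```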
Solution:
Upgrade to version 1.2.5rc1.
ADDITIONAL INFORMATION
The information has been provided by <mailto:surre1@hotmail.com> Mattias
_.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.