Re: [cobalt-security] ProFTPD Bug - may lead to a security issue

[Michael Korolew <admin@xxxxxxxxxxxxxx>]

This writes a null byte into a register, simply need to patch the source
code, couldnt call this much of an exploit lol or DOS lol
But I guess the cobalt team will patch the source code and then put the patch
on the cobalt site, easy no need to panic and disable your ftp.

Jonathan Michaelson wrote:
> Hello Mark,
>
> >   I have attempted to duplicate this bug, but have not been successful
> > using the versions of Proftpd that are available from Sun/Cobalt's
> > support site.  Are you running a different version of ProFTPd than the
> > ones published on the site?  If so, please elaborate on the details so
> > we can attempt to duplicate and validate the issue.
> >     
>
> Nope. I'm running a bod standard Cobalt RaQ4 with all the packages from the
> Support site installed and the Cobalt supplied version of ProFTPD running
> without any modifications. It is vulnerable to this bug.
>
> I've just confirmed this on 2 other RaQ4's that we have. Here's the info:
>
> ftp 0
> Connected to 0.
> 220 ProFTPD 1.2.2rc1 Server (ProFTPD) [xxx.xxxxxxxx.xxx]
> Name (0:admin): XXXXX
> 331 Password required for XXXXX.
> Password:
> 230 User XXXXX logged in.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls ///////////////
> 200 PORT command successful.
> 150 Opening ASCII mode data connection for file list.
> 421 Service not available, remote server has closed connection
> ftp> quit
> tail /var/log/messages
> Dec 20 09:11:47 xxx proftpd[4676]: xxx.xxxxxxxx.xxx (localhost[127.0.0.1]) -
> ProFTPD terminating (signal 11)
>
> Regards,
> Jonathan Michaelson
> _________________
> ______________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>
>