[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] ProFTPD Bug - may lead to a security issue

Subject: RE: [cobalt-security] ProFTPD Bug - may lead to a security issue
From: "Mark Carey" <mark.carey@xxxxxxx>
Date: Thu, 20 Dec 2001 10:17:09 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Jonathan,
  I have validated this issue.  The interesting thing is that when you
attempt to execute the sequence to evoke the bug under a windows ftp
client, the proftpd process fails to crash.  However, when a unix ftp
client is used, the proftpd process does indeed crash.

We are researching exactly why this is the case.  I expect that shortly
after 1:00pm EST today (Thursday) we will have a better idea of when we
can have a patch.  (That's California-arrive-at-work-time :-).  

I will spend the morning attempting to see if this can be exploited
maliciously.  Expect a post later today.

	Thanks again,
	Mark Carey,
	Sun Cobalt Vulnerability Assessment.


-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Jonathan
Michaelson
Sent: Thursday, December 20, 2001 4:15 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] ProFTPD Bug - may lead to a security
issue


Hello Mark,

>   I have attempted to duplicate this bug, but have not been successful

> using the versions of Proftpd that are available from Sun/Cobalt's 
> support site.  Are you running a different version of ProFTPd than the

> ones published on the site?  If so, please elaborate on the details so

> we can attempt to duplicate and validate the issue.

Nope. I'm running a bod standard Cobalt RaQ4 with all the packages from
the Support site installed and the Cobalt supplied version of ProFTPD
running without any modifications. It is vulnerable to this bug.

I've just confirmed this on 2 other RaQ4's that we have. Here's the
info:

ftp 0
Connected to 0.
220 ProFTPD 1.2.2rc1 Server (ProFTPD) [xxx.xxxxxxxx.xxx]
Name (0:admin): XXXXX
331 Password required for XXXXX.
Password:
230 User XXXXX logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ///////////////
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
421 Service not available, remote server has closed connection
ftp> quit
tail /var/log/messages
Dec 20 09:11:47 xxx proftpd[4676]: xxx.xxxxxxxx.xxx
(localhost[127.0.0.1]) - ProFTPD terminating (signal 11)

Regards,
Jonathan Michaelson _______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security

Follow-Ups:
- Re: [cobalt-security] ProFTPD Bug - may lead to a security issue
  - From: Jonathan Michaelson

References:
- Re: [cobalt-security] ProFTPD Bug - may lead to a security issue
  - From: Jonathan Michaelson

Prev by Date: [cobalt-security] ProFTPD Bug - may lead to a security issue
Next by Date: [cobalt-security] Strange ssh behaviour
Previous by thread: Re: [cobalt-security] ProFTPD Bug - may lead to a security issue
Next by thread: Re: [cobalt-security] ProFTPD Bug - may lead to a security issue

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index