Vulnerability Development: Re: ProFTPD 1.2.2rc2 DoS

[Daniel Roesen <dr () cluenet de>]

On Sun, Jun 03, 2001 at 10:53:34PM +0000, Daniel wrote:
> I've discovered that ProFTPD 1.2.2rc2 has a bug - each instance of the
> daemon can be crashed remotely:
In which regard is that to be considered a DoS? You are shooting only
your own session.

> This happens when the PASS command is received before the USER command:
> box:~# telnet 127.0.0.1 21
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> 220 ProFTPD 1.2.2rc2 Server (ProFTPD Default Installation) [box.xxx.com]
> pass
> Connection closed by foreign host.
> box:~#
> If you run proftpd -d 5, (debug mode, level 5) in the logs you see:
> box.xxx.com (localhost[127.0.0.1]) - FTP session opened.
> box.xxx.com (localhost[127.0.0.1]) - received: PASS (hidden)
> box.xxx.com (localhost[127.0.0.1]) - ProFTPD terminating (signal 11)
I cannot reproduce that here:

Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 ProFTPD 1.2.2rc2 Server (ProFTPD Default Installation) [localhost]
pass
503 Login with USER first.
pass foo
503 Login with USER first.

Logging:
localhost (localhost[127.0.0.1]) - FTP session opened.
localhost (localhost[127.0.0.1]) - received: PASS (hidden)
localhost (localhost[127.0.0.1]) - received: PASS (hidden)


<sarcasm> Thanks for not mailing security () proftpd org btw... </sarcasm>


Regards,
Daniel (dr () proftpd org)