From ChangeLog: Fixed segfault which can occur if NLST is used twice, the first time on a path which does not exist. Security-wise interesting?
Created attachment 124634 [details, diff] ebuild patch to proftpd-1.3.1_rc3.ebuild can you name a ftp client that uses NLST the closest I got was: $ ncftp -u dan -p password localhost NcFTP 3.1.9 (Mar 24, 2005) by Mike Gleason (http://www.NcFTP.com/contact/). Connecting to 127.0.0.1... ProFTPD 1.3.1rc2 Server (ProFTPD Default Installation) [::ffff:127.0.0.1] Logging in... User dan logged in Logged in to localhost. ncftp /home/dan > quote NLST /tmpdd > quote NLST /tmpdd Cmd: NLST /tmpdd 425: Unable to build data connection: Invalid argument Unable to build data connection: Invalid argument If it works then its a server DOS then its probably valid
can't name one, I just came across it while reviewing latest changes for an upgrade...
Closing as INVALID as it seems non exploitable. Feel free to reopen.
