Summary: | net-ftp/proftpd-1.3.1 NLST segv | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Markus Ullmann (RETIRED) <jokey> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED INVALID | ||||||
Severity: | critical | CC: | net-ftp | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Markus Ullmann (RETIRED)
![]() Created attachment 124634 [details, diff] ebuild patch to proftpd-1.3.1_rc3.ebuild can you name a ftp client that uses NLST the closest I got was: $ ncftp -u dan -p password localhost NcFTP 3.1.9 (Mar 24, 2005) by Mike Gleason (http://www.NcFTP.com/contact/). Connecting to 127.0.0.1... ProFTPD 1.3.1rc2 Server (ProFTPD Default Installation) [::ffff:127.0.0.1] Logging in... User dan logged in Logged in to localhost. ncftp /home/dan > quote NLST /tmpdd > quote NLST /tmpdd Cmd: NLST /tmpdd 425: Unable to build data connection: Invalid argument Unable to build data connection: Invalid argument If it works then its a server DOS then its probably valid can't name one, I just came across it while reviewing latest changes for an upgrade... Closing as INVALID as it seems non exploitable. Feel free to reopen. |