Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 184601

Summary: net-ftp/proftpd-1.3.1 NLST segv
Product: Gentoo Security Reporter: Markus Ullmann (RETIRED) <jokey>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: critical CC: net-ftp
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments:
Description Flags
ebuild patch to proftpd-1.3.1_rc3.ebuild none

Description Markus Ullmann (RETIRED) gentoo-dev 2007-07-08 13:23:11 UTC
From ChangeLog:

Fixed segfault which can occur if NLST is used twice, the first time on a path which does not exist.

Security-wise interesting?
Comment 1 Daniel Black (RETIRED) gentoo-dev 2007-07-12 11:55:25 UTC
Created attachment 124634 [details, diff]
ebuild patch to proftpd-1.3.1_rc3.ebuild

can you name a ftp client that uses NLST
the closest I got was:
$ ncftp   -u dan -p password localhost
NcFTP 3.1.9 (Mar 24, 2005) by Mike Gleason (http://www.NcFTP.com/contact/).
Connecting to 127.0.0.1...
ProFTPD 1.3.1rc2 Server (ProFTPD Default Installation) [::ffff:127.0.0.1]
Logging in...
User dan logged in
Logged in to localhost.
ncftp /home/dan > quote NLST /tmpdd
> quote NLST /tmpdd
Cmd: NLST /tmpdd
425: Unable to build data connection: Invalid argument
Unable to build data connection: Invalid argument

If it works then its a server DOS then its probably valid
Comment 2 Markus Ullmann (RETIRED) gentoo-dev 2007-07-12 12:27:16 UTC
can't name one, I just came across it while reviewing latest changes for an upgrade...
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-15 10:26:44 UTC
Closing as INVALID as it seems non exploitable. Feel free to reopen.