New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remote denial-of-service due to issue in network IO handling #846
Comments
|
Note that this bug is also present in ProFTPD 1.3.7rc1. |
Castaglia
added a commit
that referenced
this issue
Oct 19, 2019
…mmands in an effort to DoS the server.
Castaglia
added a commit
that referenced
this issue
Oct 19, 2019
Issue #846: Handle the case where a client tries to send too-large co…
Castaglia
added a commit
that referenced
this issue
Oct 19, 2019
Castaglia
added a commit
that referenced
this issue
Oct 19, 2019
…mmands in an effort to DoS the server.
Castaglia
added a commit
that referenced
this issue
Oct 19, 2019
|
Thanks! |
Sashan
pushed a commit
to Sashan/proftpd
that referenced
this issue
Oct 24, 2019
…arge commands in an effort to DoS the server.
This was referenced Nov 4, 2019
Castaglia
added a commit
that referenced
this issue
Nov 25, 2019
Sashan
pushed a commit
to Sashan/proftpd
that referenced
this issue
Dec 16, 2019
…arge commands in an effort to DoS the server.
Sashan
pushed a commit
to Sashan/proftpd
that referenced
this issue
Dec 16, 2019
…arge commands in an effort to DoS the server.
Sashan
pushed a commit
to Sashan/proftpd
that referenced
this issue
Dec 16, 2019
…arge commands in an effort to DoS the server.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Dear @Castaglia —
As discussed, please find below the description of the ProFTPD 1.3.6 denial-of-service issue.
Issue
Remote unauthenticated denial-of-service in ProFTPD 1.3.6, triggered by a malformed network packet due to an incorrect handling of too long commands.
Version
ProFTPD 1.3.6 - ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.6.tar.gz
Description
An unauthenticated attacker can trigger an infinite loop by sending a malformed network packet due to an incorrect handling of too long commands. The issue in the network IO causes a child process that handles the client connection to consume 100% CPU.
If errno is 7 (E2BIG) due to a too long command and the EOF is reached, read() function will always return 0 and will be called indefinitely due to the continue statement:
src/main.c: ... if (cmd_buflen < 0) { if (errno == E2BIG) { /* The client sent a too-long command which was ignored; give * them another chance? */ continue; } ...Impact
Remote unauthenticated denial-of-service
Cheers
-Stephan Zeisberg
The text was updated successfully, but these errors were encountered: