Description
Dear @Castaglia —
As discussed, please find below the description of the ProFTPD 1.3.6 denial-of-service issue.
Issue
Remote unauthenticated denial-of-service in ProFTPD 1.3.6, triggered by a malformed network packet due to incorrect handling of too-long commands.
Version
ProFTPD 1.3.6 - ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.6.tar.gz
Description
An unauthenticated attacker can trigger an infinite loop by sending a malformed network packet due to incorrect handling of too-long commands. The issue in the network IO causes a child process that handles the client connection to consume 100% CPU.
If errno is 7 (E2BIG) due to a too-long command and the EOF is reached, the read() function will always return 0 and will be called indefinitely due to the continue statement:
src/main.c:

    ...
    if (cmd_buflen < 0) {
      if (errno == E2BIG) {
        /* The client sent a too-long command which was ignored; give
         * them another chance?
         */
        continue;
      }
    ...

Impact
Remote unauthenticated denial-of-service
Cheers
-Stephan Zeisberg
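
The loop pattern from the report, as an added example that is not part of the original report and is not ProFTPD code: a small in-memory model showing why retrying on E2BIG without checking for EOF never terminates, next to one possible defensive check. The names `struct conn`, `conn_read`, `read_cmd` and `command_loop`, the 8-byte buffer, and the reader leaving errno untouched at EOF are all assumptions of this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a client connection: received bytes, then EOF. */
struct conn { const char *data; size_t len, pos; int at_eof; };
/* Like read(2) on a closed socket: returns 0 on every call once data ends. */
static int conn_read(struct conn *c, char *out) {
    if (c->pos >= c->len) { c->at_eof = 1; return 0; }
    *out = c->data[c->pos++];
    return 1;
}

/* Hypothetical reader (model assumption): command length on success; -1 with
 * errno = E2BIG after max bytes without newline; -1 with errno untouched at EOF. */
static int read_cmd(struct conn *c, char *buf, size_t max) {
    size_t n = 0;
    char ch;
    while (conn_read(c, &ch) == 1) {
        if (ch == '\n') return (int)n;
        if (n == max) { errno = E2BIG; return -1; }
        buf[n++] = ch;
    }
    return -1;
}

/* Loop shaped like the excerpt. stop_at_eof = 0: E2BIG always retries;
 * 1: retry only while the peer can still send. cap only ends the demo.
 * Returns the number of read_cmd() calls made. */
static int command_loop(struct conn *c, int stop_at_eof, int cap) {
    char buf[8];
    int calls = 0;
    errno = 0;
    while (calls < cap) {
        int cmd_buflen = read_cmd(c, buf, sizeof(buf));
        calls++;
        if (cmd_buflen < 0) {
            if (errno == E2BIG && !(stop_at_eof && c->at_eof)) continue;
            break;
        }
    }
    return calls;
}

int main(void) {
    const char line[] = "AAAAAAAAAAAAAAAAAAAA"; /* constructed: 20 bytes, no newline */
    struct conn a = { line, sizeof(line) - 1, 0, 0 }, b = a;
    printf("%d %d\n", command_loop(&a, 0, 1000), command_loop(&b, 1, 1000));
    return 0;
}
```

In the model, the unconditional retry runs until the artificial cap, while the EOF-aware variant exits on the first read that hits end of stream.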