A vulnerability has been identified in ProFTPD, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. This flaw is due to a buffer overflow error in the "main.c" file where the "cmd_buf_size" size of the buffer used to handle FTP commands sent by clients is not properly set to the size configured via the "CommandBufferSize" directive, which could be exploited by attackers to compromise a vulnerable server via a specially crafted FTP command.

I backported the fix from http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292&r2=1.293&sortby=date

How-To-Repeat: see http://www.frsirt.com/english/advisories/2006/4451
State Changed From-To: open->feedback Awaiting maintainers feedback
I approve the patch.

Beech Rintoul (Maintainer)
State Changed From-To: feedback->open maintainer approved
Responsible Changed From-To: freebsd-ports-bugs->shaun Grab.
shaun 2006-11-15 00:05:59 UTC

FreeBSD ports repository

Modified files:
  ftp/proftpd Makefile
Added files:
  ftp/proftpd/files patch-main.c
Log:
Add a patch from CVS to fix a security vulnerability.

PR: ports/105510
Submitted by: Alex Samorukov <samm@os2.kiev.ua>
Approved by: Beech Rintoul <beech@alaskaparadise.com> (maintainer)
Security: VuXML cca97f5f-7435-11db-91de-0008743bf21a

Revision Changes Path
1.91 +1 -1 ports/ftp/proftpd/Makefile
1.1 +46 -0 ports/ftp/proftpd/files/patch-main.c (new)
State Changed From-To: open->closed Committed, thanks!
Dear Sirs,

we just recompiled the port on two different boxes (FreeBSD 6.1 and FreeBSD 5.4). The results are:

- With the main.c patch applied, if you connect to the FTP server, enter a user name and press RETURN, it crashes.

    (15:14:17 default@<~>) # ftp pan
    Connected to pan.xxx.it
    220 I am PAN, wtf did you say you are ?
    Name (pan:default): <valid_user>
    421 Service not available, remote server has closed connection.
    ftp: Login failed.
    ftp> quit

In /var/log/messages:

    Nov 15 14:27:42 pan kernel: pid 64242 (proftpd), uid 65534: exited on signal 11

If you remove the patch and recompile the port, proftpd works fine.

Best regards,
Alessandro Dellavedova
Ok, spotted the problem. If you use that patch, then the CommandBufferSize keyword MUST be present in the proftpd configuration file; otherwise the daemon crashes as soon as you try to attach to it.
On Wed, Nov 15, 2006 at 04:00:14PM +0000, Alessandro Dellavedova wrote:
>
> Ok, spotted the problem, if you use that patch then the:
>
> CommandBufferSize
>
> keyword MUST be present in the proftpd configuration file, otherwise
> the daemon crashes as soon as you try to attach to it.
>

I've fixed the port now. Thanks for your report.

--
Shaun Amott // PGP: 0x6B387A9A
"A foolish consistency is the hobgoblin of little minds." - Ralph Waldo Emerson
Hello,

the patch causes proftpd comply when CommandBufferSize is not used. I think that the next change (http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.293&r2=1.294&sortby=date) fixes this behaviour.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
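
The two problems discussed in this thread (a size variable that does not match the buffer it bounds, and a daemon that fails when CommandBufferSize is missing from the configuration) can be handled together. The C sketch below is an added example, not ProFTPD's code or the committed patch; `struct directive`, `struct cmd_reader`, the function names and both size constants are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define DEFAULT_CMD_BUFSZ 512   /* assumed default for this sketch */
#define MAX_CMD_BUFSZ     65536 /* assumed sanity limit for this sketch */

/* Hypothetical parsed directive; a NULL pointer means "not in the config". */
struct directive { long value; };

struct cmd_reader {
    char  *buf;
    size_t cap;   /* single source of truth: bytes actually allocated */
};

/* An absent or out-of-range directive falls back to the default rather
 * than being dereferenced or trusted. */
size_t resolve_cmd_bufsz(const struct directive *d)
{
    if (d == NULL || d->value <= 0 || d->value > MAX_CMD_BUFSZ)
        return DEFAULT_CMD_BUFSZ;
    return (size_t)d->value;
}

/* Allocate the buffer with the resolved size and record that same size. */
int cmd_reader_init(struct cmd_reader *r, const struct directive *d)
{
    r->cap = resolve_cmd_bufsz(d);
    r->buf = malloc(r->cap);
    if (r->buf == NULL) { r->cap = 0; return -1; }
    return 0;
}

/* Store one command line; reject anything that does not fit with its NUL.
 * Returns the stored length, or -1 when the line is too long. */
long cmd_reader_store(struct cmd_reader *r, const char *line, size_t len)
{
    if (r->buf == NULL || len >= r->cap)
        return -1;
    memcpy(r->buf, line, len);
    r->buf[len] = '\0';
    return (long)len;
}

void cmd_reader_free(struct cmd_reader *r)
{
    free(r->buf);
    r->buf = NULL;
    r->cap = 0;
}
```

Because the copy bound is the recorded allocation size, the configured value and the buffer cannot drift apart, and a configuration without the directive simply gets the default.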