| Field | Value |
|---|---|
| VID | 16041 |
| Severity | 20 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description | ProFTPD is vulnerable to a denial-of-service attack via a specially crafted `ls` command. Many such vulnerabilities are caused by poor globbing algorithms. This one is triggered when a remote attacker sends several `ls` commands with specially crafted "dot dot" sequences (such as `*/../*/` or `.*./*?/`). The server can then start to consume all CPU and memory resources available to it; if multiple simultaneous connections are allowed, it will take 100% of the server's CPU time and memory and cause the server or the FTP daemon to crash.<br><br>You can test for this vulnerability by issuing commands such as the following:<br>`ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*`<br>`ls */.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/*/.*/`<br>`ls .*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/.*./*?/`<br><br>Platforms Affected: ProFTPD versions 1.2.1 and earlier |
| Recommendation | Upgrade to the latest version of ProFTPD (1.2.5rc1 or later), available from the ProFTPD Web site, http://www.proftpd.org/. At the time of writing, the latest version, ProFTPD 1.2.8rc1, had just been released on Dec 28, 2002.<br><br>As a workaround, add the following directive to proftpd.conf to reject the `/*/..` pattern in command arguments: `DenyFilter /\*/\.\.` |
| Related URL | CVE-2001-1501 (CVE) |
| Related URL | 2496, 6341 (SecurityFocus) |
| Related URL | 7818 (ISS) |