ProFTPD is an FTP daemon for UNIX and UNIX-like operating systems. Although it was developed out of the desire to have a secure and configurable FTP server, a security hole in the daemon enables remote attackers to cause a Denial of Service against the product.
Credit:
The information has been provided by Wojciech Purczynski.
Workaround suggested by Dmitry Alyabyev.
Vulnerable systems:
ProFTPd version 1.2.0rc2
ProFTPd has a memory leak bug that is triggered each time it executes the SIZE FTP command. Calling SIZE 5000 times causes ProFTPd to consume over 300kB of memory, and repeating the command further turns this into a simple DoS attack. Anonymous access is sufficient to issue SIZE commands and therefore to exploit this bug.
Workaround:
A simple workaround would be to deny the SIZE command to all clients:
# Refuse SIZE for every client until a fixed ProFTPD release is installed
<Limit SIZE>
  Deny All
</Limit>
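Added example, not part of the advisory or of ProFTPD: a small log check an operator could run to spot a client repeating SIZE at an abnormal rate. It assumes an ExtendedLog layout of the form "[time] client user command args" (constructed here; the real LogFormat on a given server may differ), and derives a rough per-call leak estimate from the advisory's own figures of 5000 calls for roughly 300kB.

```python
import re
from collections import Counter

# Assumed ExtendedLog layout (constructed for this example, not from the advisory):
# "[time] client-address user COMMAND [arguments]"
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<client>\S+) (?P<user>\S+) (?P<cmd>\S+)(?: (?P<arg>.*))?$"
)

# Derived from the advisory: 5000 SIZE calls leaked over 300 kB, i.e. ~60 bytes/call.
LEAK_BYTES_PER_SIZE = 300_000 / 5000


def parse_line(line):
    """Return (client, user, COMMAND) or None when the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("client"), m.group("user"), m.group("cmd").upper()


def size_counts(lines):
    """Count SIZE commands per client address across the supplied log lines."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[2] == "SIZE":
            counts[parsed[0]] += 1
    return counts


def flag_size_floods(lines, threshold=500):
    """Map client -> (SIZE count, estimated leaked bytes) for clients above the
    threshold. The threshold is a tuning value chosen here, not from the advisory."""
    return {
        client: (n, int(n * LEAK_BYTES_PER_SIZE))
        for client, n in size_counts(lines).items()
        if n > threshold
    }


def constructed_sample():
    """Constructed sample log: one ordinary anonymous session and one client
    repeating SIZE 1200 times in a single session."""
    ts = "[12/Oct/2000:10:00:00 +0000]"
    normal = [
        f"{ts} 192.0.2.10 anonymous USER anonymous",
        f"{ts} 192.0.2.10 anonymous PASS",
        f"{ts} 192.0.2.10 anonymous SIZE README",
        f"{ts} 192.0.2.10 anonymous RETR README",
        f"{ts} 192.0.2.10 anonymous size README.txt",
    ]
    flood = [f"{ts} 198.51.100.7 anonymous SIZE README" for _ in range(1200)]
    return normal + flood
```

Feeding a real ExtendedLog through `flag_size_floods` after adjusting `LINE_RE` to the server's LogFormat shows which clients are hammering SIZE; the `<Limit SIZE>` workaround above stops the leak, and this check confirms whether anyone was attempting it.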