1564 matches found
ProFTPd 1.2 - SIZE Remote Denial of Service
ProFTPd 1.2 - SIZE Remote Denial of Service source: https://www.securityfocus.com/bid/2185/info A memory leak has been reported in all versions of ProFTPd. The SIZE FTP command causes the server to misallocate and leak small amounts of memory each time the command is executed. If a sufficient...
ProFTPd 1.2 - 'SIZE' Remote Denial of Service
source: https://www.securityfocus.com/bid/2185/info A memory leak has been reported in all versions of ProFTPd. The SIZE FTP command causes the server to misallocate and leak small amounts of memory each time the command is executed. If a sufficient number of these commands are executed by the...
DoS against ProFTPD
Memory leak in the SIZE command...
Memory leakage in proftpd leads to remote DoS
Hello, Proftpd has memory leakage bug if it executes SIZE FTP command. Using 5000 SIZE commands causes proftpd to consume over 300kB of memory. Exploiting this bug with more SIZE commands gives us simple DoS attack. Anonymous access is sufficient to use SIZE commands and to exploit this bug. I've...
mod_sqlpw Password Caching Bug
The mod_sqlpw module for ProFTPD caches the user id and password information returned from the mysql database when attempting to verify a password. When the "user" command is used to switch to another account, the cached password is not cleared, and the password entered is checked against the cache...
Hole in ProFTPD (mod_sqlpw Password Caching)
An authenticated user can switch to another user without knowing the password...
FreeBSD-SA-00:35.proftpd
FreeBSD-SA-00:35 Security Advisory FreeBSD, Inc. Topic: proftpd port contains remote root compromise Category: ports Module: proftpd Announced: 2000-08-14 Credits: lamagra Affects:...
CVE-2000-0574
Affected software: OpenBSD ftpd, NetBSD ftpd, ProFTPd, and Opieftpd. The issue is that untrusted format strings are not properly cleansed in setproctitle, allowing remote attackers to cause a denial of service or execute arbitrary commands. The connected Nessus document notes an attack scenario w...
ProFTPD Multiple Remote Overflows (palmetto)
The remote ProFTPd server is running a 1.2.0preN version. All the 1.2.0preN versions contain several security flaws that allow an attacker to execute arbitrary code on this host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10464); script_version("1.25");...
CVE-2000-0574
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands...
Remote root in proftpd
A hole similar to the one in WU, caused by using user input as a format string...
proftp advisory
http://lamagra.seKure.de: advisory 1 Advisory: misc. bugs Programname: proftpd Versions: 1.2.0 = pre10 Vendor: proftpd.net Severity: high root shell and low Contact: [email protected] Bug1: void set_proc_title(char *fmt,...) in src/main.c snippet memset(statbuf, 0, sizeof(statbuf)); vsnprintf(statbuf,...
ftpd: the advisory version
You might have seen the wuftpd exploit by tf8, he released it in his own lame way. But now I bring you the story behind it. The story begins inside the ftpcmd.y file. Which has the ftp commands in it. The bug is in the site_exec(char *cmd) function. There is calls lreply(200,cmd); In ftpd.c we find voi...
CVE-1999-0911
CVE-1999-0911 affects ProFTPD, wu-ftpd, and beroftpd. The vulnerability is a buffer overflow triggered by a sequence of MKD/CWD commands that create nested directories, allowing remote attackers to gain root privileges. Connected docs mention ProFTPD-related overflows (e.g., in 1.2.0pre4/pre6 var...
CVE-1999-0911
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories...
proftpd.mod_sqlpw.txt
A member of the proftpd mailing list and myself discovered a problem with proftpd with mod_sqlpw.c optional module compiled in. Unix last command reveals passwords where the username should be. A patch was sent to the mailing list, however, the patch only protects ftp localhost not ftp remotehost...
CVE-1999-1475
ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command...
[SECURITY] New version of proftpd fixes remote exploits
The proftpd version that was distributed in Debian GNU/Linux 2.1 had several buffer overruns that could be exploited by remote attackers. A short list of problems: user input was used in snprintf without sufficient checks; there was an overflow in the log_xfer routine; you could overflow a buffer by...
[SECURITY] New version of proftpd fixes remote exploits
Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman November 11, 1999 The proftpd version that was...
CVE-1999-0368
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto...