Inet-Admins mailing list archive (inet-admins@info.east.ru)


[inet-admins] Fw: FTP compromise.



I think that most of you receive bugtraq but for the sake of health 


------
Ilya Shulman   ish@east.ru        +7-095-956-4951 ISH-RIPN
East Connection ISP, Moscow, Russia. http://www.east.ru

----------
> From: Aleph One <aleph1@dfw.net>
> To: BUGTRAQ@NETSPACE.ORG
> Subject: FTP compromise.
> Date: 9 Sep 1997 18:45
> 
> ---------- Forwarded message ----------
> Date: Tue, 9 Sep 1997 14:43:46 +0100
> From: Josef Karthauser <joe@pavilion.net>
> To: security@FreeBSD.ORG
> Subject: FTP compromise.
> 
> I found this today.  Any comments?
> 
> 
> BUG:            wu_ftpd (all versions)
> 
> TESTED:         BSDI 3.0 (all patches), FreeBSD 2.2.1
> 
> DATE:           15th Aug 1997
> 
> REPEAT BY:      Log into a wu_ftp server (either anonymously or as a
>                 user)
>                 and issue the command...
> 
>                 nlist ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/
>                 ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/
>                 ../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/
>                 ../*/../*/../*/../*/../*../*../*
> 
> DESCRIPTION:    You can severely compromise the ftp server's performance.
>                 This command will create a HUGE directory listing, no
>                 matter how many files/directories are in the current
>                 directory (this is recursive).
> 
> CONSEQUENCES:   These vary.  On my FreeBSD 2.2 box I was able to eat up
>                 all memory and swap memory until the kernel spewed
>                 "out of swap space" errors and killed a few processes.
>                 It also eats up all available CPU space (up to 99.22%
>                 on my box).  If repeated a few times you will no
>                 longer use up swap space and the processor usage will
>                 rocket and stay there for quite a while (hours).  Since
>                 the ftpd program is still processing the command your
>                 ftp session will not idle timeout.  However, if you
>                 do decide to kill your attacking ftp session, ftpd
>                 will still process the command and therefore, the host's
>                 resources will take a beating.
> 
>                 Basically, it looks like any user can severely drain
>                 your system's resources - a kind of Denial of Service
>                 attack.  I was able to use up all remaining processor
>                 time for two hours (would have gone on for much longer
>                 only I got bored and killed it).
> 
> CONTACT:        You can email me at ener@shell.firehouse.net if you
>                 want to discuss this problem further (or let me know
>                 if it works on any other ftpd).
> 
> --
> Josef Karthauser
> Technical Manager       Email: joe@pavilion.net
> Pavilion Internet plc.  [Tel: +44 1273 607072  Fax: +44 1273 607073]
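The geometric blow-up behind the advisory's "../*/../*/..." pattern, as an added example that is not part of the forwarded post and not wu_ftpd's own glob code. It builds a constructed tree of three sibling directories, expands the pattern with Python's glob module (which, like the server, climbs to the parent on every ".." and re-matches all siblings on every "*"), and puts a bounded expander beside it of the kind a hardened server would use. The limit values, the fixture layout and the helper names are assumptions for the demonstration, not wu_ftpd defaults.

```python
"""Demonstration of the '../*/../*/...' glob blow-up from the advisory.

Illustrative code, not wu_ftpd's implementation. The directory tree is a
constructed fixture and the limits are assumed policy values.
"""
import glob
import os
import shutil
import tempfile

MAX_WILDCARD_SEGMENTS = 4   # assumed policy value, not a wu_ftpd default
MAX_MATCHES = 1000          # assumed policy value, not a wu_ftpd default


class GlobTooExpensive(Exception):
    """Raised when a pattern would expand beyond the configured bounds."""


def build_fixture(n_dirs=3):
    """Create base/d0 .. base/d{n-1}: a constructed stand-in for an FTP root."""
    base = tempfile.mkdtemp(prefix="nlist-demo-")
    for i in range(n_dirs):
        os.mkdir(os.path.join(base, f"d{i}"))
    return base


def cleanup(base):
    """Remove the fixture tree."""
    shutil.rmtree(base, ignore_errors=True)


def dotdot_star(depth):
    """The advisory's pattern with `depth` '../*' segments, e.g. '../*/../*'."""
    return "/".join(["../*"] * depth)


def expand(base, pattern):
    """Unbounded expansion, as the vulnerable server does it.

    Every '../*' step climbs back to the parent and matches all of its
    entries again, so with n siblings and k segments there are n**k paths.
    The session's cwd is taken to be base/d0.
    """
    return glob.glob(os.path.join(base, "d0", pattern))


def expansion_counts(base, max_depth):
    """Number of matches for depths 1..max_depth; grows geometrically."""
    return [len(expand(base, dotdot_star(k))) for k in range(1, max_depth + 1)]


def safe_expand(base, pattern, max_segments=MAX_WILDCARD_SEGMENTS,
                max_matches=MAX_MATCHES):
    """Bounded expansion: cap wildcard segments up front, then cap results.

    The segment check rejects the advisory's 38-segment pattern before any
    filesystem work; the match cap stops a pattern that passes the first
    check but still fans out too far (iglob is lazy, so the walk stops
    with it instead of running for hours).
    """
    wild = sum(1 for seg in pattern.split("/") if glob.has_magic(seg))
    if wild > max_segments:
        raise GlobTooExpensive(f"{wild} wildcard segments > {max_segments}")
    matches = []
    for path in glob.iglob(os.path.join(base, "d0", pattern)):
        matches.append(path)
        if len(matches) > max_matches:
            raise GlobTooExpensive(f"more than {max_matches} matches")
    return matches


if __name__ == "__main__":
    root = build_fixture(3)
    try:
        print("matches per depth:", expansion_counts(root, 6))
        try:
            safe_expand(root, dotdot_star(38))
        except GlobTooExpensive as exc:
            print("rejected:", exc)
    finally:
        cleanup(root)
```

With three siblings the counts go 3, 9, 27, 81, ...; the 38 segments in the advisory's command would give 3**38 path strings, which is why the server never finishes and keeps the session from idling out. The two bounds in safe_expand are independent: the segment cap is cheap and catches the pattern before any directory is read, while the match cap is the backstop for a pattern that is short but sits over a large directory.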
=============================================================================
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@east.ru if you want to quit.
List archive is accessible at http://www.east.ru/inet-admins/
Copyright © Lexa Software, 1996-2009.