Vulnerabilities > CVE-2001-0136 - Memory Leak vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 1 | |
OS | 1 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
- description: ProFTPD 1.2 SIZE Remote Denial of Service Vulnerability. CVE-2001-0136. DoS exploit for linux platform
  id: EDB-ID:20536
  last seen: 2016-02-02
  modified: 2000-12-20
  published: 2000-12-20
  reporter: JeT-Li
  source: https://www.exploit-db.com/download/20536/
  title: ProFTPD 1.2 - SIZE Remote Denial of Service Vulnerability
- description: ProFTPD <= 1.2.0pre10 Remote Denial of Service Exploit. CVE-2001-0136. DoS exploit for linux platform
  id: EDB-ID:244
  last seen: 2016-01-31
  modified: 2001-01-12
  published: 2001-01-12
  reporter: JeT-Li
  source: https://www.exploit-db.com/download/244/
  title: ProFTPD <= 1.2.0pre10 - Remote Denial of Service Exploit
- description: ProFTPD 1.2.0(rc2) (memory leakage example) Exploit. CVE-2001-0136. DoS exploit for linux platform
  id: EDB-ID:241
  last seen: 2016-01-31
  modified: 2001-01-03
  published: 2001-01-03
  reporter: Piotr Zurawski
  source: https://www.exploit-db.com/download/241/
  title: ProFTPD 1.2.0 rc2 - memory leakage example Exploit
Nessus
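NASL family Mandriva Local Security Checks
NASL id MANDRAKE_MDKSA-2001-021.NASL
description The ProFTPD FTP server has problems with memory leaking that could be used in a DoS attack, as reported by Wojciech Purczynski. A memory leak will happen every time a SIZE command was given provided that the scoreboard file is not writable, which is not the case in a default Linux-Mandrake installation. A similar problem also existed with the USER command where every time it was given the server would use more memory. Additionally, some format string vulnerabilities were reported by Przemyslaw Frasunek which have also been fixed.
last seen 2020-06-01
modified 2020-06-02
plugin id 61895
published 2012-09-06
reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/61895
title Mandrake Linux Security Advisory : proftpd (MDKSA-2001:021)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2001:021.
# The text itself is copyright (C) Mandriva S.A.
#
# Purpose: local package check for MDKSA-2001:021. It reads the host's
# release and rpm list from the knowledge base and raises a finding when
# rpm_check() matches the proftpd package against the fixed version named
# below. Nothing here connects to the FTP service, so the result reflects
# the installed package only.
#

include("compat.inc");

# Registration phase: plugin metadata only, no host is examined here.
if (description)
{
  script_id(61895);
  script_version("1.6");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  # One advisory, two CVEs: the memory leaks and the format string issues.
  script_cve_id("CVE-2001-0136", "CVE-2001-0318");
  script_xref(name:"MDKSA", value:"2001:021");

  script_name(english:"Mandrake Linux Security Advisory : proftpd (MDKSA-2001:021)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Mandrake Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The ProFTPD FTP server has problems with memory leaking that could be used in a DoS attack, as reported by Wojciech Purczynski. 
A memory leak will happen every time a SIZE command was given provided that the scoreboard file is not writable, which is not the case in a default Linux-Mandrake installation. A similar problem also existed with the USER command where every time it was given the server would use more memory. Additionally, some format string vulnerabilities were reported by Przemyslaw Frasunek which have also been fixed."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected proftpd package."
  );

  # NOTE(review): the vector scores partial confidentiality and integrity
  # impact, while the advisory text describes the memory leaks as a DoS.
  # The C:P/I:P part presumably comes from the format string issues
  # (CVE-2001-0318) covered by the same advisory -- confirm before reusing
  # this score for CVE-2001-0136 on its own.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:proftpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2001/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # The KB entries required below are expected to be filled in by
  # ssh_get_info.nasl, which is declared as a dependency.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions for a local check: each missing KB entry is reported
# through audit() with the matching reason code.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# NOTE(review): this gate admits amd64 / x86_64 hosts, but the only package
# comparison below is declared for cpu:"i386". How rpm_check() treats a
# 64-bit host is not visible from this file -- confirm against rpm.inc.
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;

# Fixed package for Mandrake 7.2 as named by the advisory data in this plugin.
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"proftpd-1.2.0rc3-1.1mdk", yank:"mdk")) flag++;

if (flag)
{
  # With verbose reporting the finding carries the package details
  # collected by rpm_report_get(); otherwise a bare finding is raised.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");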
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-029.NASL
description The following problems have been reported for the version of proftpd in Debian 2.2 (potato) : - There is a memory leak in the SIZE command which can result in a denial of service, as reported by Wojciech Purczynski. This is only a problem if proftpd cannot write to its scoreboard file; the default configuration of proftpd in Debian is not vulnerable. - A similar memory leak affects the USER command, also as reported by Wojciech Purczynski. The proftpd in Debian 2.2 is susceptible to this vulnerability; an attacker can cause the proftpd daemon to crash by exhausting its available memory. - There were some format string vulnerabilities reported by Przemyslaw Frasunek. These are not known to have exploits, but have been corrected as a precaution.
last seen 2020-06-01
modified 2020-06-02
plugin id 14866
published 2004-09-29
reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/14866
title Debian DSA-029-2 : proftpd - remote DOS & potential buffer overflow
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-029. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Purpose: local package check for DSA-029. It reads the Debian release
# and dpkg listing from the knowledge base and raises a finding when
# deb_check() matches the proftpd package against the fixed version named
# below. The FTP service itself is never contacted.
#

include("compat.inc");

# Registration phase: plugin metadata only.
if (description)
{
  script_id(14866);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:16");

  # The advisory bundles the memory leaks with the format string issues.
  script_cve_id("CVE-2001-0136", "CVE-2001-0318");
  script_xref(name:"DSA", value:"029");

  script_name(english:"Debian DSA-029-2 : proftpd - remote DOS & potential buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The following problems have been reported for the version of proftpd in Debian 2.2 (potato) : - There is a memory leak in the SIZE command which can result in a denial of service, as reported by Wojciech Purczynski. This is only a problem if proftpd cannot write to its scoreboard file; the default configuration of proftpd in Debian is not vulnerable. - A similar memory leak affects the USER command, also as reported by Wojciech Purczynski. The proftpd in Debian 2.2 is susceptible to this vulnerability; an attacker can cause the proftpd daemon to crash by exhausting its available memory. - There were some format string vulnerabilities reported by Przemyslaw Frasunek. These are not known to have exploits, but have been corrected as a precaution."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2001/dsa-029"
  );
  # NOTE(review): the solution text names proftpd-1.2.0pre10-2potato1,
  # while the deb_check() call further down compares against
  # 1.2.0pre10-2.0potato1. Which of the two strings is authoritative
  # cannot be told from this file -- confirm against the advisory.
  script_set_attribute(
    attribute:"solution",
    value:
"All three of the above vulnerabilities have been corrected in proftpd-1.2.0pre10-2potato1. We recommend you upgrade your proftpd package immediately."
  );

  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:proftpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2001/02/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions for a local check: each missing KB entry is reported
# through audit() with the matching reason code.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Single package comparison for Debian 2.2; a match means the host is reported.
if (deb_check(release:"2.2", prefix:"proftpd", reference:"1.2.0pre10-2.0potato1"))
{
  # Verbose reporting attaches the package details from deb_report_get().
  if (report_verbosity > 0)
    security_hole(port:0, extra:deb_report_get());
  else
    security_hole(0);
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, "affected");
}
References
- http://www.securityfocus.com/archive/1/152206
- http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html
- http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
- http://www.debian.org/security/2001/dsa-029
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
- http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5801