severity 353175 grave 
thanks

Keeping 1.2.10-27 off testing 'til fixing...

On Thu, Feb 16, 2006 at 06:29:41PM +0100, Ralph Rößner wrote:
> Package: proftpd-ldap
> Version: 1.2.10-27
> 
> proftpd segfaults trying to authenticate users via LDAP in all observed
> cases. Authenticating users via PAM (which relies on files, not on LDAP
> in our configuration) works.
> 
> We found no workaround, so downgraded to 1.2.10-26 for now.
> 
> 
> This is a sample ftp session as seen by the client:
> 
> --8><---------------------------------------------------------------
> 
> ftp> open XXXXX
> Connected to XXXXX.capcom.de.
> 220 XXXXXXXXX FTP Server ready.
> Name (XXXXX:XXXXXXXX):
> 331 Password required for XXXXXXXX.
> Password:
> 421 Service not available, remote server has closed connection
> Login failed.
> No control connection for command: Permission denied
> 
> --8><---------------------------------------------------------------
> 
> 
> This is the corresponding syslog entry:
> 
> --8><---------------------------------------------------------------
> 
> Feb 16 17:06:41 XXXXX proftpd[6458]: XXXXX.capcom.de (XXXXXX.capcom.de[XXXXXXXXXXXXXXX]) - FTP session opened.
> Feb 16 17:06:45 XXXXX proftpd[6458]: XXXXX.capcom.de (XXXXXX.capcom.de[XXXXXXXXXXXXXXX]) - ProFTPD terminating (signal 11)
> Feb 16 17:06:45 XXXXX proftpd[6458]: XXXXX.capcom.de (XXXXXX.capcom.de[XXXXXXXXXXXXXXX]) - FTP session closed.
> 
> --8><---------------------------------------------------------------
> 
> 
> The last observable activity of the proftpd is enquiring the user and
> group information from the LDAP server and receiving appropriate
> responses. The segfault occurs after receiving the last group search
> response. strace shows that the segfault occurs outside of a system
> call. ltrace shows two searches for configuration keys (AnonymousGroup
> and AuthAliasOnly, both unset) and then this (last line of the config
> search included):
> 
> --8><---------------------------------------------------------------
> 
> [pid 6511] strcmp("AuthAliasOnly", "USER")       = -1
> [pid 6511] memset(0x815e53c, '\000', 48)         = 0x815e53c
> [pid 6511] memset(0x815e56c, '\000', 4)          = 0x815e56c
> [pid 6511] strcasecmp("getpwnam", "getpwnam")    = 0
> [pid 6511] memcpy(0xbfd72a40, "", 2048)          = 0xbfd72a40
> [pid 6511] strcasecmp("getpwnam", "getpwnam")    = 0
> [pid 6511] memcpy(0xbfd72a40, "", 2048)          = 0xbfd72a40
> [pid 6511] strcasecmp("XXXXXXXX", "XXXXXXXX")    = 0
> [pid 6511] memset(0x8155904, '\000', 20)         = 0x8155904
> [pid 6511] memset(0x815e574, '\000', 28)         = 0x815e574
> [pid 6511] strlen("XXXXXXXX")                    = 8
> [pid 6511] strlen("XXXXXXXXXXXXXXXXXXXXX")       = 21
> [pid 6511] strlen("")                            = 0
> [pid 6511] strlen("XXXXXXXX")                    = 8
> [pid 6511] memset(0x815e5d4, '\000', 48)         = 0x815e5d4
> [pid 6511] memset(0x815e604, '\000', 4)          = 0x815e604
> [pid 6511] strcasecmp("gid_name", "gid_name")    = 0
> [pid 6511] memcpy(0xbfd72a40, "", 2048)          = 0xbfd72a40
> [pid 6511] strcasecmp("gid_name", "gid_name")    = 0
> [pid 6511] memcpy(0xbfd72a40, "", 2048)          = 0xbfd72a40
> [pid 6511] --- SIGSEGV (Segmentation fault) ---
> 
> --8><---------------------------------------------------------------
> 
> 
> proftpd configuration file:
> 
> --8><---------------------------------------------------------------
> 
> #
> # /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
> # To really apply changes reload proftpd after modifications.
> # 
> 
> ServerName                    "XXXXXXXXX FTP Server"
> ServerType                    standalone
> ServerAdmin                     [EMAIL PROTECTED]
> DeferWelcome                  off
> IdentLookups                  off
> 
> MultilineRFC2228              on
> DefaultServer                 on
> ShowSymlinks                  on
> Umask                         0113 0002
> 
> TimeoutNoTransfer             600
> TimeoutStalled                        600
> TimeoutIdle                   1200
> 
> ServerIdent                     on "XXXXXXXXX FTP Server ready."
> DisplayLogin                    welcome.msg
> DisplayFirstChdir               .message
> ListOptions                   "-l"
> 
> DenyFilter                    \*.*/
> 
> # Uncomment this if you are using NIS or LDAP to retrieve passwords:
> PersistentPasswd              off
> 
> # Uncomment this if you would use TLS module:
> #TLSEngine                    on
> 
> # Uncomment this if you would use quota module:
> #Quotas                               on
> 
> # Uncomment this if you would use ratio module:
> #Ratios                               on
> 
> # Port 21 is the standard FTP port.
> Port                          21
> 
> # To prevent DoS attacks, set the maximum number of child processes
> # to 30.  If you need to allow more than 30 concurrent connections
> # at once, simply increase this value.  Note that this ONLY works
> # in standalone mode, in inetd mode you should use an inetd server
> # that allows you to limit maximum number of processes per service
> # (such as xinetd)
> MaxInstances                  30
> 
> # Set the user and group that the server normally runs at.
> User                          nobody
> Group                         nogroup
> 
> # Umask 022 is a good standard umask to prevent new files and dirs
> # (second parm) from being group and world writable.
> Umask                         022  022
> # Normally, we want files to be overwriteable.
> AllowOverwrite                        on
> 
> # Delay engine reduces impact of the so-called Timing Attack described in
> # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
> # It is on by default. 
> #DelayEngine                  off
> 
> # A basic anonymous configuration, no upload directories.
> 
> <Anonymous ~ftp>
>   User                                ftp
>   Group                               ftp
>   # We want clients to be able to login with "anonymous" as well as "ftp"
>   UserAlias                   anonymous ftp
>   # Cosmetic changes, all files belongs to ftp user
>   DirFakeUser on ftp
>   HideNoAccess                        on
>   DirFakeGroup on ftp
> 
>   RequireValidShell           off
> 
>   # Limit the maximum number of anonymous logins
>   MaxClients                  10
> 
>   # We want 'welcome.msg' displayed at login, and '.message' displayed
>   # in each newly chdired directory.
>   DisplayLogin                        welcome.msg
>   DisplayFirstChdir           .message
> 
>   # Limit WRITE everywhere in the anonymous chroot
>   <Directory *>
>     <Limit WRITE>
>       DenyAll
>     </Limit>
>   </Directory>
> 
>   # Limit downloads to 300kB/s, first MB does not count against this limit.
>   TransferRate RETR 300:1024
> # 
> #   # Uncomment this if you're brave.
> #   # <Directory incoming>
> #   #   # Umask 022 is a good standard umask to prevent new files and dirs
> #   #   # (second parm) from being group and world writable.
> #   #   Umask                         022  022
> #   #            <Limit READ WRITE>
> #   #            DenyAll
> #   #            </Limit>
> #   #            <Limit STOR>
> #   #            AllowAll
> #   #            </Limit>
> #   # </Directory>
> 
> </Anonymous>
> 
> 
> # Non-anonymous users
> 
> DefaultChDir ~ capcom
> DefaultRoot ~ !capcom
> 
> LDAPServer XXXXXXXXXX.capcom.de
> LDAPDNInfo "" ""
> LDAPDoAuth on ou=people,dc=capcom,dc=de "(uid=%v)"
> LDAPAuthBinds on
> LDAPDefaultUID 101
> LDAPDefaultGID 104
> LDAPDoUIDLookups on ou=people,dc=capcom,dc=de "(uid=%v)"
> LDAPDoGIDLookups on ou=groups,dc=capcom,dc=de
> CreateHome on
> LDAPGenerateHomedir on
> LDAPGenerateHomedirPrefix /ccftp/projects
> RequireValidShell off
> 
> <Directory /ccftp/home>
>   Umask 0177 0077
> </Directory>
> 
> --8><---------------------------------------------------------------
> 
> 
> Kernel version: 2.6.15-1-686
> 
> Installed versions of packages on which proftpd-ldap depends:
> netbase 4.24
> libc6 2.3.5-13
> libcap1 1:1.10-14
> debconf 1.4.70
> libldap2 2.1.30-12
> libpam0g 0.79-3
> libssl0.9.8 0.9.8a-7
> libwrap0 7.6.dbs-8
> proftpd-common 1.2.10-27
> adduser 3.80
> ucf 2.005
> 
> 
> Regards,
>    Ralph Rößner

-- 
Francesco P. Lovergine
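
A check based on the syslog excerpt quoted in the report, as an added example that is not part of the original mail or of ProFTPD: it re-joins wrapped syslog records and reports every session whose child process died on a signal. The host names, addresses and the `year` default are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of the syslog excerpt above (hosts and
# addresses are placeholders); the first record is wrapped as in the mail.
SAMPLE = """\
Feb 16 17:06:41 ftp1 proftpd[6458]: ftp1.example.org
 (client.example.org[192.0.2.10]) - FTP session opened.
Feb 16 17:06:45 ftp1 proftpd[6458]: ftp1.example.org (client.example.org[192.0.2.10]) - ProFTPD terminating (signal 11)
Feb 16 17:06:45 ftp1 proftpd[6458]: ftp1.example.org (client.example.org[192.0.2.10]) - FTP session closed.
Feb 16 17:09:02 ftp1 proftpd[6502]: ftp1.example.org (client.example.org[192.0.2.11]) - FTP session opened.
Feb 16 17:09:30 ftp1 proftpd[6502]: ftp1.example.org (client.example.org[192.0.2.11]) - FTP session closed.
"""

STAMP = r"[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}"
RECORD = re.compile(
    r"^(?P<ts>" + STAMP + r")\s\S+\sproftpd\[(?P<pid>\d+)\]:\s"
    r".*?\((?P<peer>[^)]*)\)\s-\s(?P<msg>.*)$")
SIGNAL = re.compile(r"terminating \(signal (\d+)\)")

def unwrap(text):
    """Re-join records that were wrapped onto a continuation line."""
    records = []
    for line in text.splitlines():
        if re.match(STAMP, line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records

def signal_terminations(text, year=2006):
    """One dict per session that ended on a signal (year: syslog omits it)."""
    opened, hits = {}, []
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        pid = m["pid"]
        if m["msg"].startswith("FTP session opened"):
            opened[pid] = ts  # overwrite on purpose: PIDs are reused
        elif (sig := SIGNAL.search(m["msg"])) and pid in opened:
            delay = int((ts - opened.pop(pid)).total_seconds())
            hits.append({"pid": int(pid), "peer": m["peer"],
                         "signal": int(sig.group(1)),
                         "seconds_after_open": delay})
    return hits

if __name__ == "__main__":
    print(signal_terminations(SAMPLE))
```
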
