severity 353175 grave
thanks
Keeping 1.2.10-27 off testing 'til fixing...
On Thu, Feb 16, 2006 at 06:29:41PM +0100, Ralph Rößner wrote:
> Package: proftpd-ldap
> Version: 1.2.10-27
>
> proftpd segfaults trying to authenticate users via LDAP in all observed
> cases. Authenticating users via PAM (which relies on files, not on LDAP
> in our configuration) works.
>
> We found no workaround, so downgraded to 1.2.10-26 for now.
>
>
> This is a sample ftp session as seen by the client:
>
> --8><---------------------------------------------------------------
>
> ftp> open XXXXX
> Connected to XXXXX.capcom.de.
> 220 XXXXXXXXX FTP Server ready.
> Name (XXXXX:XXXXXXXX):
> 331 Password required for XXXXXXXX.
> Password:
> 421 Service not available, remote server has closed connection
> Login failed.
> No control connection for command: Permission denied
>
> --8><---------------------------------------------------------------
>
>
> This is the corresponding syslog entry:
>
> --8><---------------------------------------------------------------
>
> Feb 16 17:06:41 XXXXX proftpd[6458]: XXXXX.capcom.de
> (XXXXXX.capcom.de[XXXXXXXXXXXXXXX]) - FTP session opened.
> Feb 16 17:06:45 XXXXX proftpd[6458]: XXXXX.capcom.de
> (XXXXXX.capcom.de[XXXXXXXXXXXXXXX]) - ProFTPD terminating (signal 11)
> Feb 16 17:06:45 XXXXX proftpd[6458]: XXXXX.capcom.de
> (XXXXXX.capcom.de[XXXXXXXXXXXXXXX]) - FTP session closed.
>
> --8><---------------------------------------------------------------
>
>
> The last observable activity of the proftpd is enquiring the user and
> group information from the LDAP server and receiving appropriate
> responses. The segfault occurs after receiving the last group search
> response. strace shows that the segfault occurs outside of a system
> call. ltrace shows two searches for configuration keys (AnonymousGroup
> and AuthAliasOnly, both unset) and then this (last line of the config
> search included):
>
> --8><---------------------------------------------------------------
>
> [pid 6511] strcmp("AuthAliasOnly", "USER") = -1
> [pid 6511] memset(0x815e53c, '\000', 48) = 0x815e53c
> [pid 6511] memset(0x815e56c, '\000', 4) = 0x815e56c
> [pid 6511] strcasecmp("getpwnam", "getpwnam") = 0
> [pid 6511] memcpy(0xbfd72a40, "", 2048) = 0xbfd72a40
> [pid 6511] strcasecmp("getpwnam", "getpwnam") = 0
> [pid 6511] memcpy(0xbfd72a40, "", 2048) = 0xbfd72a40
> [pid 6511] strcasecmp("XXXXXXXX", "XXXXXXXX") = 0
> [pid 6511] memset(0x8155904, '\000', 20) = 0x8155904
> [pid 6511] memset(0x815e574, '\000', 28) = 0x815e574
> [pid 6511] strlen("XXXXXXXX") = 8
> [pid 6511] strlen("XXXXXXXXXXXXXXXXXXXXX") = 21
> [pid 6511] strlen("") = 0
> [pid 6511] strlen("XXXXXXXX") = 8
> [pid 6511] memset(0x815e5d4, '\000', 48) = 0x815e5d4
> [pid 6511] memset(0x815e604, '\000', 4) = 0x815e604
> [pid 6511] strcasecmp("gid_name", "gid_name") = 0
> [pid 6511] memcpy(0xbfd72a40, "", 2048) = 0xbfd72a40
> [pid 6511] strcasecmp("gid_name", "gid_name") = 0
> [pid 6511] memcpy(0xbfd72a40, "", 2048) = 0xbfd72a40
> [pid 6511] --- SIGSEGV (Segmentation fault) ---
>
> --8><---------------------------------------------------------------
>
>
> proftpd configuration file:
>
> --8><---------------------------------------------------------------
>
> #
> # /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
> # To really apply changes reload proftpd after modifications.
> #
>
> ServerName "XXXXXXXXX FTP Server"
> ServerType standalone
> ServerAdmin [EMAIL PROTECTED]
> DeferWelcome off
> IdentLookups off
>
> MultilineRFC2228 on
> DefaultServer on
> ShowSymlinks on
> Umask 0113 0002
>
> TimeoutNoTransfer 600
> TimeoutStalled 600
> TimeoutIdle 1200
>
> ServerIdent on "XXXXXXXXX FTP Server ready."
> DisplayLogin welcome.msg
> DisplayFirstChdir .message
> ListOptions "-l"
>
> DenyFilter \*.*/
>
> # Uncomment this if you are using NIS or LDAP to retrieve passwords:
> PersistentPasswd off
>
> # Uncomment this if you would use TLS module:
> #TLSEngine on
>
> # Uncomment this if you would use quota module:
> #Quotas on
>
> # Uncomment this if you would use ratio module:
> #Ratios on
>
> # Port 21 is the standard FTP port.
> Port 21
>
> # To prevent DoS attacks, set the maximum number of child processes
> # to 30. If you need to allow more than 30 concurrent connections
> # at once, simply increase this value. Note that this ONLY works
> # in standalone mode, in inetd mode you should use an inetd server
> # that allows you to limit maximum number of processes per service
> # (such as xinetd)
> MaxInstances 30
>
> # Set the user and group that the server normally runs at.
> User nobody
> Group nogroup
>
> # Umask 022 is a good standard umask to prevent new files and dirs
> # (second parm) from being group and world writable.
> Umask 022 022
> # Normally, we want files to be overwriteable.
> AllowOverwrite on
>
> # Delay engine reduces impact of the so-called Timing Attack described in
> # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
> # It is on by default.
> #DelayEngine off
>
> # A basic anonymous configuration, no upload directories.
>
> <Anonymous ~ftp>
> User ftp
> Group ftp
> # We want clients to be able to login with "anonymous" as well as "ftp"
> UserAlias anonymous ftp
> # Cosmetic changes, all files belongs to ftp user
> DirFakeUser on ftp
> HideNoAccess on
> DirFakeGroup on ftp
>
> RequireValidShell off
>
> # Limit the maximum number of anonymous logins
> MaxClients 10
>
> # We want 'welcome.msg' displayed at login, and '.message' displayed
> # in each newly chdired directory.
> DisplayLogin welcome.msg
> DisplayFirstChdir .message
>
> # Limit WRITE everywhere in the anonymous chroot
> <Directory *>
> <Limit WRITE>
> DenyAll
> </Limit>
> </Directory>
>
> # Limit downloads to 300kB/s, first MB does not count against this limit.
> TransferRate RETR 300:1024
> #
> # # Uncomment this if you're brave.
> # # <Directory incoming>
> # # # Umask 022 is a good standard umask to prevent new files and dirs
> # # # (second parm) from being group and world writable.
> # # Umask 022 022
> # # <Limit READ WRITE>
> # # DenyAll
> # # </Limit>
> # # <Limit STOR>
> # # AllowAll
> # # </Limit>
> # # </Directory>
>
> </Anonymous>
>
>
> # Nicht-anonyme Benutzer
>
> DefaultChDir ~ capcom
> DefaultRoot ~ !capcom
>
> LDAPServer XXXXXXXXXX.capcom.de
> LDAPDNInfo "" ""
> LDAPDoAuth on ou=people,dc=capcom,dc=de "(uid=%v)"
> LDAPAuthBinds on
> LDAPDefaultUID 101
> LDAPDefaultGID 104
> LDAPDoUIDLookups on ou=people,dc=capcom,dc=de "(uid=%v)"
> LDAPDoGIDLookups on ou=groups,dc=capcom,dc=de
> CreateHome on
> LDAPGenerateHomedir on
> LDAPGenerateHomedirPrefix /ccftp/projects
> RequireValidShell off
>
> <Directory /ccftp/home>
> Umask 0177 0077
> </Directory>
>
> --8><---------------------------------------------------------------
>
>
> Kernel version: 2.6.15-1-686
>
> Installed versions of packages on which protpd-ldap depends:
> netbase 4.24
> libc6 2.3.5-13
> libcap1 1:1.10-14
> debconf 1.4.70
> libldap2 2.1.30-12
> libpam0g 0.79-3
> libssl0.9.8 0.9.8a-7
> libwrap0 7.6.dbs-8
> proftpd-common 1.2.10-27
> adduser 3.80
> ucf 2.005
>
>
> Regards,
> Ralph Rößner
--
Francesco P. Lovergine
