Proftpd - MLSD lines not properly terminated with CRLF
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Proftpd Dfsg |
Fix Released
|
Medium
|
|||
proftpd-dfsg (Ubuntu) |
Fix Released
|
Medium
|
Brian Morton | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
* A bug exists in Proftpd version 1.3.5a. which causes FTP sessions to fail or timeout with strict clients
* The package, as published in LTS, does not comply with the FTP protocol
* Ported upstream patch and test changes
[Test Case]
* Connect to an affected server with ftptest.net
* Prior to the patch, it will fail to perform an MLSD command with an explicit error and explanation
* After the patch, this works as expected
[Regression Potential]
* Failures in SSL connection handling
A bug exists in Proftpd version 1.3.5a. which causes ssl sessions to fail or timeout with some clients
Excerpt from http://
Server seems to send an improperly formatted response causing some clients to
time out.
Log from ftptest.net:
[snip]
Command: TYPE I
Reply: 200 Type set to I
Command: EPSV
Reply: 229 Entering Extended Passive Mode (|||45766|)
Command: MLSD
Status: Data connection established.
Reply: 150 Opening BINARY mode data connection for MLSD
Error: Malformed directory listing
Error: Line feed received without preceding carriage return
This bug has been fixed upstream in version 1.3.5b I recommend getting this fixed this is causing a lot of havoc with my servers I've had to delay my rollout of 16.04 because of this.
affects: | launchpad → proftpd (Ubuntu) |
Changed in proftpd-dfsg: | |
importance: | Unknown → Medium |
status: | Unknown → Fix Released |
Changed in proftpd-dfsg (Ubuntu): | |
importance: | Undecided → Medium |
description: | updated |
In the future, please use 'ubuntu-bug package-name' to report Ubuntu bugs. /help.ubuntu. com/community/ ReportingBugs
https:/
You have reported a bug in a non-existent package in Ubuntu archives since 2007. No developer will see this bug report because simply the package does not exist any more.