strange proftpd segfault and conntrack_ftp messages

To: debian-security@lists.debian.org
Subject: strange proftpd segfault and conntrack_ftp messages
From: Christian Hammers <ch@westend.com>
Date: Wed, 2 Jan 2002 17:48:58 +0100
Message-id: <[🔎] 20020102164858.GE24082@westend.com>
Mail-followup-to: Christian Hammers <ch@westend.com>, debian-security@lists.debian.org

Hello

Does anybody know a security bug for which this could be a hint?
(hostname and ip's faked for obvious reasons)

The server runs: 
	kernel 2.4.11-pre6
	xined_2.1.8.8p3-1.1.deb 
	proftpd_1.2.4-2.deb

Except from that the IP only did some normal web browsing without any
tricks like tried cgi accesses or similar.

TIA,

-christian-

On Wed, Jan 02, 2002 at 03:45:03PM +0100, root wrote:
> Jan  2 15:44:17 server kernel: conntrack_ftp: partial PORT 2336475143+1
> Jan  2 15:44:18 server proftpd[3420]: server.domain (111.222.333.444[111.222.333.444]) - SECURITY VIOLATION: root login attempted. 
> Jan  2 15:44:28 server kernel: conntrack_ftp: partial PORT 2339544491+1
> Jan  2 15:44:31 server proftpd[3425]: server.domain (111.222.333.444[111.222.333.444]) - ProFTPD terminating (signal 11) 
> Jan  2 15:44:31 server xinetd[17612]: EXIT: ftp status=1 pid=3425 duration=8(sec)

-- 
Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
ch@westend.com     Internet & Security for Professionals    Fax 0241/911879
           WESTEND ist CISCO Systems Partner - Premium Certified

Reply to:

Follow-Ups:
- Re: strange proftpd segfault and conntrack_ftp messages
  - From: Sven Hoexter <sven@telelev.net>

Prev by Date: Re: mounting /tmp noexec
Next by Date: Re: mounting /tmp noexec
Previous by thread: Re: mounting /tmp noexec
Next by thread: Re: strange proftpd segfault and conntrack_ftp messages
Index(es):
- Date
- Thread