Bug#672257: proftpd-basic: Causes 100% CPU usage, reading file stats very slowly and using a lot of RAM, possible DoS
Michael Moritz
systems at gn.apc.org
Wed May 9 14:06:34 UTC 2012
Package: proftpd-basic
Version: 1.3.1-17lenny9
Severity: normal
Tags: squeeze
I think this is the same problem as reported here http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630091
But it happens even without a HideFiles pattern set in the current stable version of proftpd-basic when accessing a folder with a lot of files in it (1000+).
The log gives this pattern:
FS: using system stat()
AllowOverride allows all .ftpaccess files
FS: using system stat()
FS: using system access()
FS: using system stat()
FS: using system lstat()
Endlessly repeating, until a resource limit is hit (if one is set).
It looks like this has been fixed upstream (Fixed in 1.3.3d, released 17-Dec-2010) so wondering why this is not in Debian squeeze.
Sorry for marking this as critical but it renders FTP unusable and needs to be fixed urgently.
Workaround: downgrade to lenny version.
Regards and keep up the good work,
Michael
-- System Information:
Debian Release: 6.0.4
APT prefers oldstable
APT policy: (500, 'oldstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages proftpd-basic depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii debconf 1.5.36.1 Debian configuration management sy
ii debianutils 3.4 Miscellaneous utilities specific t
ii libacl1 2.2.49-4 Access control list shared library
ii libattr1 1:2.4.44-2 Extended attribute shared library
ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib
ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libncurses5 5.7+20100313-5 shared libraries for terminal hand
ii libpam-runtime 1.1.1-6.1+squeeze1 Runtime support for the PAM librar
ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l
ii libssl0.9.8 0.9.8o-4squeeze12 SSL shared libraries
ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra
ii netbase 4.45 Basic TCP/IP networking system
ii sed 4.2.1-7 The GNU sed stream editor
ii ucf 3.0025+nmu1 Update Configuration File: preserv
ii update-inetd 4.38+nmu1+squeeze1 inetd configuration file updater
proftpd-basic recommends no packages.
Versions of packages proftpd-basic suggests:
ii openssl 0.9.8o-4squeeze12 Secure Socket Layer (SSL) binary a
pn proftpd-doc <none> (no description available)
pn proftpd-mod-ldap <none> (no description available)
pn proftpd-mod-mysql <none> (no description available)
pn proftpd-mod-pgsql <none> (no description available)
-- Configuration Files:
/etc/cron.monthly/proftpd [Errno 2] No such file or directory: u'/etc/cron.monthly/proftpd'
-- debconf information:
* shared/proftpd/inetd_or_standalone: standalone