[Bug 1613737] [NEW] Proftpd - MLSD lines not properly terminated with CRLF

[Launchpad Bug Tracker]

You have been subscribed to a public bug by Brian Morton (rokclimb15):

[Impact]

 * A bug exists in Proftpd version 1.3.5a. which causes FTP sessions to
fail or timeout with strict clients

 * The package, as published in LTS, does not comply with the FTP
protocol

 * Ported upstream patch and test changes

[Test Case]

 * Connect to an affected server with ftptest.net

 * Prior to the patch, it will fail to perform an MLSD command with an
explicit error and explanation

 * After the patch, this works as expected

[Regression Potential]

 * Failures in SSL connection handling

A bug exists in Proftpd version 1.3.5a. which causes ssl sessions to
fail or timeout with some clients

Excerpt from http://bugs.proftpd.org/show_bug.cgi?id=4202

Server seems to send an improperly formatted response causing some clients to
time out.

Log from ftptest.net:
[snip]
Command: TYPE I
Reply: 200 Type set to I
Command: EPSV
Reply: 229 Entering Extended Passive Mode (|||45766|)
Command: MLSD
Status: Data connection established.
Reply: 150 Opening BINARY mode data connection for MLSD
Error: Malformed directory listing
Error: Line feed received without preceding carriage return

This bug has been fixed upstream in version 1.3.5b I recommend getting
this fixed this is causing a lot of havoc with my servers I've had to
delay my rollout of 16.04 because of this.

** Affects: proftpd-dfsg
     Importance: Medium
         Status: Fix Released

** Affects: proftpd-dfsg (Ubuntu)
     Importance: Medium
     Assignee: Brian Morton (rokclimb15)
         Status: Confirmed


** Tags: 16.04 patch proftpd xenial
-- 
Proftpd - MLSD lines not properly terminated with CRLF
https://bugs.launchpad.net/bugs/1613737
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.