Package: twoftpd Version: 1.21-2 Severity: important
The authentication process eats all available CPU power and does not return success, even when the given password is correct. strace'ing the process shows this output: write(4, ptrace: umoven: Input/output error 0xfffffffff8578bf1, 133745645) = -1 EFAULT (Bad address) write(4, ptrace: umoven: Input/output error 0xfffffffff8578bf0, 133745646) = -1 EFAULT (Bad address) write(4, ptrace: umoven: Input/output error 0xfffffffff8578bef, 133745647) = -1 EFAULT (Bad address) repeated over and over. (My test was to connect to the localhost machine using lftp, and if the twoftpd-auth process is killed, it simply respawns a new one, which proceeds to enter the same loop right away.) -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.17-2-amd64 Locale: LANG=es_CL.UTF-8, LC_CTYPE=es_CL.UTF-8 (charmap=UTF-8) Versions of packages twoftpd depends on: ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries Versions of packages twoftpd recommends: ii cvm 0.76-2 Credential Validation Modules ii ipsvd 0.12.1-1 Internet protocol service daemons ii runit 1.7.1-1 a UNIX init scheme with service su ii twoftpd-run 1.21-2 a simple secure efficient FTP serv -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
