vsftpd terminated after buffer overflow detected in Linux

Issue :

When run the “ftp open” command, vsftpd terminated after buffer overflow detected printed.

[root@unixonline ~]#  ftp localhost
Connected to localhost.localdomain.
*** buffer overflow detected ***: /usr/sbin/vsftpd terminated
======= Backtrace: =========
/lib64/libc.so.6(__chk_fail+0x2f)[0x2b43730d0c5f]
KERBEROS_V4 rejected as an authentication type

Or “lftp” command “ls” is returned “Delaying before reconnect”.

[root@unixonline ~]# lftp test@192.168.10.10:~> ls
`ls' at 0 [Delaying before reconnect: 30]

Resolution :

Change the localtime file.

[root@unixonline ~]# yum update tzdata
[root@unixonline ~]# rm /etc/localtime (remove symlink)
[root@unixonline ~]# cp /usr/share/zoneinfo/Asia/Seoul /etc/localtime

Root Cause :

If there is using custom localtime file or old version localtime file, this issue can been countered with buffer overflow message.

Diagnostic Steps :

Check the process number which is occurred “terminated after buffer overflow detected” message.

[root@unixonline ~]# ps aux | grep vsftpd | grep -v "grep" | awk '{print $2}'
1234

2. Generate trace file using strace tool.

[root@unixonline ~]# strace -f -o /tmp/vsftpd.strace -s 1024 -tt -p 1234

3. Reproducing the issue.

[root@unixonlineclient ~]# ftp 192.168.10.1

4. After all steps done, can check the “terminated after buffer overflow detected” message in vsftpd.strace.

21470 16:57:41.029462 open("/etc/localtime", O_RDONLY) = 3
21470 16:57:41.029534 lseek(3, 0, SEEK_END) = 642
21470 16:57:41.029590 lseek(3, 578, SEEK_SET) = 578
21470 16:57:41.029643 read(3,
"\4\1\4\1\4\1\4\1\4\1\4\1\4\1\4\1\0\0w\210\0\0\0\0~\220\0\0\0\0~\220\1\4\0\0p\200\0\0
\0\0\214\240\1\4KST\0KDT\0\0\0\0\0\0\0\0\0\0\0", 64) = 64
21470 16:57:41.029706 lseek(3, 64, SEEK_SET) = 64
21470 16:57:41.029769 open("/dev/tty", O_RDWR|O_NOCTTY|O_NONBLOCK) = -1 ENXIO (No such device or address)
21470 16:57:41.029881 writev(2, [{"*** ", 4}, {"buffer overflow detected", 24}, {"***: ", 6}, {"/usr/sbin/vsftpd", 16}, {" terminated\n", 12}], 5) = 62
21470 16:57:41.030058 mmap(NULL, 4096, PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe308bf3000
21470 16:57:41.030502 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
21470 16:57:41.030590 fstat(4, {st_mode=S_IFREG|0644, st_size=21455, ...}) = 0
21470 16:57:41.030660 mmap(NULL, 21455, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7fe308bdd000
21470 16:57:41.030722 close(4) = 0

!!!! For Create a Custom or Disable DST(daylight-saving time) in RHEL/CentOS Linux, please refer to Disable DST in Linux. !!!!

Leave a Comment Cancel reply