vsftpd terminated after buffer overflow detected

Solution In Progress - Updated -

Environment

  • Red Hat Enterprise Linux 7.X

  • Packages

    • vsftpd-3.0.2-22.el7.x86_64
    • glibc-common-2.17-222.el7.x86_64
    • ftp-0.17-67.el7.x86_64

Issue

When run the "ftp open" command, vsftpd terminated after buffer overflow detected printed.

Resolution

Change the localtime file.

[root@server ~]# yum update tzdata
[root@server ~]# rm /etc/localtime (remove symlink)
[root@server ~]# cp /usr/share/zoneinfo/Asia/Seoul /etc/localtime

Root Cause

If there is using custom localtime file or old version localtime file, this issue can be encountered with buffer overflow message.

Diagnostic Steps

  1. Check the process number which is occurred "terminated after buffer overflow detected" message.

    [root@server ~]# ps aux | grep vsftpd  | grep -v "grep" | awk '{print $2}'
1234

  2. Generate trace file using strace tool.

    [root@server ~]# strace -f -o /tmp/vsftpd.strace -s 1024 -tt -p 1234

  3. Reproducing the issue.

    [root@client ~]# ftp 192.168.10.1

  4. After all steps done, can check the "terminated after buffer overflow detected" message in vsftpd.strace.

    21470 16:57:41.029462 open("/etc/localtime", O_RDONLY) = 3
21470 16:57:41.029534 lseek(3, 0, SEEK_END) = 642
21470 16:57:41.029590 lseek(3, 578, SEEK_SET) = 578
21470 16:57:41.029643 read(3, "\4\1\4\1\4\1\4\1\4\1\4\1\4\1\4\1\0\0w\210\0\0\0\0~\220\0\0\0\0~\220\1\4\0\0p\200\0\0\0\0\214\240\1\4KST\0KDT\0\0\0\0\0\0\0\0\0\0\0", 64) = 64
21470 16:57:41.029706 lseek(3, 64, SEEK_SET) = 64
21470 16:57:41.029769 open("/dev/tty", O_RDWR|O_NOCTTY|O_NONBLOCK) = -1 ENXIO (No such device or address)
21470 16:57:41.029881 writev(2, [{"*** ", 4}, {"buffer overflow detected", 24}, {" ***: ", 6}, {"/usr/sbin/vsftpd", 16}, {" terminated\n", 12}], 5) = 62
21470 16:57:41.030058 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe308bf3000
21470 16:57:41.030502 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 4
21470 16:57:41.030590 fstat(4, {st_mode=S_IFREG|0644, st_size=21455, ...}) = 0
21470 16:57:41.030660 mmap(NULL, 21455, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7fe308bdd000
21470 16:57:41.030722 close(4)          = 0

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments