VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2259

Description

vsftpd before 1.2.2 crashes under heavy load due to unsafe signal handling in the accept routine, causing denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

vsftpd versions before 1.2.2 contain a signal-handling bug: the SIGCHLD handler calls non-reentrant functions (malloc, free), and the signal can arrive while the accept routine is itself inside those functions. Under heavy load, a SIGCHLD signal can interrupt these calls, leading to deadlock or a crash. The issue affects vsftpd 1.2.1 and earlier, as confirmed by Red Hat Bugzilla [3] and Secunia [1].
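The safe counterpart of the pattern described above, as an added example (not vsftpd's code or its actual fix; `on_sigchld`, `reap_children` and `serve_and_reap` are hypothetical names): the SIGCHLD handler only sets a flag, and reaping plus any malloc/free happens in the main loop. Forked children that exit immediately stand in for finished FTP sessions.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t child_exited; /* the only state the handler touches */
/* Async-signal-safe handler: a flag store, no malloc/free, no stdio. */
static void on_sigchld(int sig) { (void)sig; child_exited = 1; }

/* Called from the main loop (normal context), so malloc/free are safe here. */
static int reap_children(void) {
    int n = 0;
    while (waitpid(-1, NULL, WNOHANG) > 0) { /* one signal may cover many exits */
        char *record = malloc(64);           /* stand-in for session bookkeeping */
        free(record);
        n++;
    }
    return n;
}

/* Fork `want` short-lived children; return how many the parent reaped. */
int serve_and_reap(int want) {
    struct sigaction sa, old_sa;
    sigset_t block, old_mask, wait_mask;
    int reaped = 0;
    sa.sa_handler = on_sigchld;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGCHLD, &sa, &old_sa) != 0) return -1;
    /* Keep SIGCHLD blocked except inside sigsuspend, so the flag test cannot race. */
    sigemptyset(&block);
    sigaddset(&block, SIGCHLD);
    sigprocmask(SIG_BLOCK, &block, &old_mask);
    wait_mask = old_mask;
    sigdelset(&wait_mask, SIGCHLD);

    for (int i = 0; i < want; i++) {
        pid_t pid = fork();
        if (pid == 0) _exit(0);            /* child: a finished session */
        if (pid < 0) { want = i; break; }  /* fork failed: wait for those started */
    }
    while (reaped < want) {
        while (!child_exited) sigsuspend(&wait_mask); /* atomically unblock and wait */
        child_exited = 0;
        reaped += reap_children();
    }
    sigprocmask(SIG_SETMASK, &old_mask, NULL);
    sigaction(SIGCHLD, &old_sa, NULL);
    return reaped;
}
```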

Exploitation

An attacker can cause heavy load on the FTP server (e.g., by initiating many connections) to trigger the race condition. No authentication is required; the attacker only needs network access to the FTP port. The SIGCHLD signal from child processes can interrupt malloc/free in the parent's accept loop, as described in the bug report [3].

Impact

Successful exploitation causes the vsftpd process to crash or stop accepting connections, resulting in denial of service. No data compromise or privilege escalation occurs [2][3].

Mitigation

The vulnerability is fixed in vsftpd 1.2.2 (upstream) and in Red Hat Enterprise Linux 3 via updated package vsftpd-1.2.1-4 or later [2][3]. Users should upgrade to the fixed version. No workaround is documented; upgrading is the recommended action.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Beasts/Vsftpd, 2 versions
    • cpe:2.3:a:beasts:vsftpd:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:beasts:vsftpd:1.2.1:*:*:*:*:*:*:*
  • Range: <1.2.2

References

9
