Date: Mon, 20 Jan 2003 21:13:02 -0800 (PST) From: "Crist J. Clark" <cjc@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/libexec/ftpd ftpd.c Message-ID: <200301210513.h0L5D2DB061636@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
cjc 2003/01/20 21:13:02 PST
Modified files:
libexec/ftpd ftpd.c
Log:
The FTP daemon was vulnerable to a DoS where an attacker could bind()
up port 20 for an extended period of time and thus lock out all other
users from establishing PORT data connections. Don't hold on to the
bind() while we loop around waiting to see if we can make our
connection.
Being a DoS, it has security implications, giving it a short MFC
time.
MFC after: 1 day
Revision Changes Path
1.133 +26 -19 src/libexec/ftpd/ftpd.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301210513.h0L5D2DB061636>