Date: Tue, 21 Jan 2003 18:03:21 +0200 From: Alexandr Kovalenko <never@nevermind.kiev.ua> To: "Crist J. Clark" <cjc@FreeBSD.ORG> Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/libexec/ftpd ftpd.c Message-ID: <20030121160321.GC93761@nevermind.kiev.ua> In-Reply-To: <200301210513.h0L5D2DB061636@repoman.freebsd.org> References: <200301210513.h0L5D2DB061636@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Crist J. Clark! On Mon, Jan 20, 2003 at 09:13:02PM -0800, you wrote: > cjc 2003/01/20 21:13:02 PST > > Modified files: > libexec/ftpd ftpd.c > Log: > The FTP daemon was vulnerable to a DoS where an attacker could bind() > up port 20 for an extended period of time and thus lock out all other > users from establishing PORT data connections. Don't hold on to the > bind() while we loop around waiting to see if we can make our > connection. > > Being a DoS, it has security implications, giving it a short MFC > time. > > MFC after: 1 day Will it also be merged to RELENG_4_X ? -- NEVE-RIPE, will build world for food Ukrainian FreeBSD User Group http://uafug.org.ua/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030121160321.GC93761>