From owner-freebsd-security Tue Sep 9 11:13:02 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id LAA24831 for security-outgoing; Tue, 9 Sep 1997 11:13:02 -0700 (PDT) Received: from chain.freebsd.os.org.za (GTxA0jadpdKCA64FhfT+beK74/B9AgV1@chain.iafrica.com [196.7.74.174]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA24822 for ; Tue, 9 Sep 1997 11:12:52 -0700 (PDT) Received: from localhost (khetan@localhost) by chain.freebsd.os.org.za (8.8.7/8.8.7) with SMTP id UAA17796; Tue, 9 Sep 1997 20:11:49 +0200 (SAT) Date: Tue, 9 Sep 1997 20:11:49 +0200 (SAT) From: Khetan Gajjar X-Sender: khetan@chain Reply-To: Khetan Gajjar To: joe@pavilion.net cc: security@freebsd.org Subject: Re: FTP compromise. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Date: Tue, 9 Sep 1997 14:43:46 +0100 >From: Josef Karthauser >To: security@FreeBSD.ORG >Subject: FTP compromise. >CONSEQUENCES: These vary. On my FreeBSD 2.2 box I was able to eat up > all memory and swap memory until the kernel spewed > "out of swap space" errors and killed a few processes. Just tried this on my 2.2-STABLE box now; I'm running wu-ftpd-2.4.2-beta-13, and after a minute, was nowhere near consuming all CPU time or memory. (output from top) 17745 root 98 0 772K 432K RUN 1:32 67.57% 67.52% ftpd Five minutes later, nothing different happened. 17745 root 105 0 772K 432K RUN 5:05 69.96% 69.96% ftpd --- Khetan Gajjar | khetan@iafrica.com or khetan@os.org.za http://chain.iafrica.com/~khetan | PGP : finger khetan@chain.iafrica.com UUNET Internet Africa Support | FreeBSD enthusiast-www2.za.freebsd.org MOTD : In a world without fences who needs Gates?