Full-Disclosure posting "FreeBSD 9.1 ftpd Remote Denial of Service"
Alexandr Kovalenko
never at nevermind.kiev.ua
Mon Feb 4 21:28:54 UTC 2013
On Mon, Feb 4, 2013 at 6:27 PM, Fabian Wenk <fabian at wenks.ch> wrote:
> A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial of
> Service" [1] on the Full-Disclosure mailing list. Is this a known issue to
> the FreeBSD community?
>
> [1]
> http://lists.grok.org.uk/pipermail/full-disclosure/2013-February/089583.html
>
> There are also many ftp.*.freebsd.org mirrors listed in the above mention
> posting, so I also put freebsd-hubs@ into the recipient list. This will
> probably help, that ftp mirror operators are alerted and can take any action
> if needed.
I can confirm this is an issue on stable/9 r245742. Though I hardly
can call it DoS as normally ftp account is running with well-defined
ulimits and proper ftpd usage pattern does not generate much CPU
usage, so you can keep limits pretty much low, thus not being affected
by so-called "DoS".
Nevertheless any ideas on how to fix our glob(3)?
Regards,
Alexandr.
More information about the freebsd-hubs
mailing list