Subject: ftpd DoS?
To: None <tech-security@netbsd.org>
From: Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
List: tech-security
Date: 03/19/2000 11:43:56
by redmail.netbsd.org with SMTP; 19 Mar 2000 02:44:10 -0000
by edge.sky.yamashina.kyoto.jp (8.9.3/3.7W-1.11) with ESMTP
id LAA05063
for <tech-security@netbsd.org>; Sun, 19 Mar 2000 11:43:56 +0900 (JST)
(envelope-from taca)
Message-Id: <200003190243.LAA05063@edge.sky.yamashina.kyoto.jp>
To: tech-security@netbsd.org
Subject: ftpd DoS?
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Sun, 19 Mar 2000 11:43:56 +0900
From: Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
Hi.
I've reported bin/9642, ftpd(8) forgets closing data connection in
passive mode. This gave a chance for DoS attack, anonymous FTP site
which has empty directory.
--
Takahiro Kambe <taca@sky.yamashina.kyoto.jp>