Subject: bin/9642 (Re: ftpd DoS?)
To: None <tech-security@netbsd.org>
From: Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
List: tech-security
Date: 04/13/2000 08:38:28
by mail.netbsd.org with SMTP; 12 Apr 2000 23:38:31 -0000
by edge.sky.yamashina.kyoto.jp (8.9.3/3.7W-1.11) with ESMTP
id IAA03320
for <tech-security@netbsd.org>; Thu, 13 Apr 2000 08:38:29 +0900 (JST)
(envelope-from taca)
Message-Id: <200004122338.IAA03320@edge.sky.yamashina.kyoto.jp>
To: tech-security@netbsd.org
Subject: bin/9642 (Re: ftpd DoS?)
In-Reply-To: <200003190243.LAA05063@edge.sky.yamashina.kyoto.jp>
References: <200003190243.LAA05063@edge.sky.yamashina.kyoto.jp>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Thu, 13 Apr 2000 08:38:28 +0900
From: Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
In message <200003190243.LAA05063@edge.sky.yamashina.kyoto.jp>
on Sun, 19 Mar 2000 11:43:56 +0900,
Takahiro Kambe <taca@sky.yamashina.kyoto.jp> wrote:
> I've reported bin/9642, ftpd(8) forgets closing data connection in
> passive mode. This gave a chance for DoS attack, anonymous FTP site
> which has empty directory.
This PR was applied on OpenBSD, system/1176.
--
Takahiro Kambe <taca@sky.yamashina.kyoto.jp>