Fabian Wenk
2013-Feb-04 16:27 UTC
Full-Disclosure posting "FreeBSD 9.1 ftpd Remote Denial of Service"
Hello

A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial of Service" [1] on the Full-Disclosure mailing list. Is this a known issue to the FreeBSD community?

[1] http://lists.grok.org.uk/pipermail/full-disclosure/2013-February/089583.html

There are also many ftp.*.freebsd.org mirrors listed in the above-mentioned posting, so I also put freebsd-hubs@ into the recipient list. This will probably help, that ftp mirror operators are alerted and can take any action if needed.

bye
Fabian
Mark Blackman
2013-Feb-04 19:40 UTC
Full-Disclosure posting "FreeBSD 9.1 ftpd Remote Denial of Service"
On 4 Feb 2013, at 16:27, Fabian Wenk wrote:

> Hello
>
> A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial of Service" [1] on the Full-Disclosure mailing list. Is this a known issue to the FreeBSD community?
>
> [1] http://lists.grok.org.uk/pipermail/full-disclosure/2013-February/089583.html
>
> There are also many ftp.*.freebsd.org mirrors listed in the above-mentioned posting, so I also put freebsd-hubs@ into the recipient list. This will probably help, that ftp mirror operators are alerted and can take any action if needed.

I wasn't aware of this one, thanks for the heads up here.

- Mark
Alexandr Kovalenko
2013-Feb-04 21:28 UTC
Full-Disclosure posting "FreeBSD 9.1 ftpd Remote Denial of Service"
On Mon, Feb 4, 2013 at 6:27 PM, Fabian Wenk <fabian at wenks.ch> wrote:

> A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial of
> Service" [1] on the Full-Disclosure mailing list. Is this a known issue to
> the FreeBSD community?
>
> [1]
> http://lists.grok.org.uk/pipermail/full-disclosure/2013-February/089583.html
>
> There are also many ftp.*.freebsd.org mirrors listed in the above-mentioned
> posting, so I also put freebsd-hubs@ into the recipient list. This will
> probably help, that ftp mirror operators are alerted and can take any action
> if needed.

I can confirm this is an issue on stable/9 r245742.

Though I hardly can call it DoS as normally ftp account is running with well-defined ulimits and proper ftpd usage pattern does not generate much CPU usage, so you can keep limits pretty much low, thus not being affected by so-called "DoS".

Nevertheless any ideas on how to fix our glob(3)?

Regards,
Alexandr.
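
The resource-limit mitigation mentioned in the message above, as an added example that is not part of the thread and is not FreeBSD's ftpd code: a parent runs a glob(3) expansion in a child process under a CPU limit and an optional address-space limit, and reports whether the child finished or was stopped by the limit. The names `run_limited`, `glob_job` and `runaway_job`, the sample pattern `/etc/*` and the limit values are assumptions; `runaway_job` is a constructed stand-in for an expansion that never finishes.

```c
/* Added example: run a pathname-expansion job in a child under rlimits. */
#include <glob.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*job_fn)(const char *arg);

/* Job 1: expand a pattern with glob(3); 0 on success or on no match. */
static int glob_job(const char *pattern) {
    glob_t g;
    int rc = glob(pattern, 0, NULL, &g);
    if (rc == 0) globfree(&g);
    return (rc == 0 || rc == GLOB_NOMATCH) ? 0 : 1;
}

/* Job 2: constructed stand-in for an expansion that never finishes. */
static int runaway_job(const char *unused) {
    (void)unused;
    for (volatile unsigned long n = 0;; n++) { }
    return 0;
}

/* Returns the job's exit code, or -signal if the child was killed. */
static int run_limited(job_fn job, const char *arg, rlim_t cpu_secs, rlim_t as_bytes) {
    pid_t pid = fork();
    if (pid < 0) return 255;
    if (pid == 0) {
        struct rlimit cpu = { cpu_secs, cpu_secs + 1 }; /* soft: SIGXCPU, hard: SIGKILL */
        struct rlimit as = { as_bytes, as_bytes };      /* 0 means: leave unchanged */
        if (setrlimit(RLIMIT_CPU, &cpu) != 0) _exit(254);
        if (as_bytes != 0 && setrlimit(RLIMIT_AS, &as) != 0) _exit(254);
        _exit(job(arg));
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return 255;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}

int main(void) {
    printf("glob /etc/*: %d\n", run_limited(glob_job, "/etc/*", 1, 512UL << 20));
    printf("runaway job: %d (SIGXCPU is %d)\n", run_limited(runaway_job, NULL, 1, 0), SIGXCPU);
    return 0;
}
```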
Dag-Erling Smørgrav
2013-Feb-05 14:22 UTC
Full-Disclosure posting "FreeBSD 9.1 ftpd Remote Denial of Service"
Fabian Wenk <fabian at wenks.ch> writes:

> A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial
> of Service" [1] on the Full-Disclosure mailing list. Is this a known
> issue to the FreeBSD community?

It's an old issue (first reported in 2010) which was fixed in head last December:

http://svnweb.freebsd.org/base?view=revision&revision=243779

I have no idea why it hasn't been merged.

DES
--
Dag-Erling Smørgrav - des at des.no