Date: Tue, 21 Jan 2003 10:43:14 -0800 From: "Crist J. Clark" <crist.clark@attbi.com> To: Maxim Sobolev <sobomax@portaone.com> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/libexec/ftpd ftpd.c Message-ID: <20030121184314.GB6871@blossom.cjclark.org> In-Reply-To: <3E2D7FE0.A89831BC@portaone.com> References: <200301210513.h0L5D2DB061636@repoman.freebsd.org> <3E2D7FE0.A89831BC@portaone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 21, 2003 at 07:14:08PM +0200, Maxim Sobolev wrote: > "Crist J. Clark" wrote: > > > > cjc 2003/01/20 21:13:02 PST > > > > Modified files: > > libexec/ftpd ftpd.c > > Log: > > The FTP daemon was vulnerable to a DoS where an attacker could bind() > > up port 20 for an extended period of time and thus lock out all other > > users from establishing PORT data connections. Don't hold on to the > > bind() while we loop around waiting to see if we can make our > > connection. > > > > Being a DoS, it has security implications, giving it a short MFC > > time. > > Huh? What DoS and security implications you are talking about? Without > having root, an user will be unable to bind on port 20 anyway, and > this is default behaviour of FreeBSD. Therefore, I don't tnink that a > short MFC timeframe and subsequent merging into security branches are > really justified. ftpd(8) runs with root privileges for just this reason, to be able to bind to 20/tcp. As for what DoS I am talking about, see, http://docs.freebsd.org/cgi/getmsg.cgi?fetch=22424+0+current/freebsd-security And follow the steps. I can give more detailed instructions or an automated script to do the attack if required. Note that this is a cross platform issue. I originally ran into this problem (accidentally) on Solaris. Check your favorite ftpd today. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030121184314.GB6871>