Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 21 Jan 2003 10:43:14 -0800
From:      "Crist J. Clark" <crist.clark@attbi.com>
To:        Maxim Sobolev <sobomax@portaone.com>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/libexec/ftpd ftpd.c
Message-ID:  <20030121184314.GB6871@blossom.cjclark.org>
In-Reply-To: <3E2D7FE0.A89831BC@portaone.com>
References:  <200301210513.h0L5D2DB061636@repoman.freebsd.org> <3E2D7FE0.A89831BC@portaone.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 21, 2003 at 07:14:08PM +0200, Maxim Sobolev wrote:
> "Crist J. Clark" wrote:
> > 
> > cjc         2003/01/20 21:13:02 PST
> > 
> >   Modified files:
> >     libexec/ftpd         ftpd.c
> >   Log:
> >   The FTP daemon was vulnerable to a DoS where an attacker could bind()
> >   up port 20 for an extended period of time and thus lock out all other
> >   users from establishing PORT data connections. Don't hold on to the
> >   bind() while we loop around waiting to see if we can make our
> >   connection.
> > 
> >   Being a DoS, it has security implications, giving it a short MFC
> >   time.
> 
> Huh? What DoS and security implications you are talking about? Without
> having root, an user will be unable to bind on port 20 anyway, and
> this is default behaviour of FreeBSD. Therefore, I don't tnink that a
> short MFC timeframe and subsequent merging into security branches are
> really justified.

ftpd(8) runs with root privileges for just this reason, to be able to
bind to 20/tcp. As for what DoS I am talking about, see,

  http://docs.freebsd.org/cgi/getmsg.cgi?fetch=22424+0+current/freebsd-security

And follow the steps. I can give more detailed instructions or an
automated script to do the attack if required.

Note that this is a cross platform issue. I originally ran into this
problem (accidentally) on Solaris. Check your favorite ftpd today.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030121184314.GB6871>