From owner-freebsd-security@FreeBSD.ORG Mon Feb 4 21:29:00 2013
From: Alexandr Kovalenko
To: Fabian Wenk
Cc: freebsd-security@freebsd.org, freebsd-hubs@freebsd.org
Date: Mon, 4 Feb 2013 23:28:53 +0200
Subject: Re: Full-Disclosure posting "FreeBSD 9.1 ftpd Remote Denial of Service"
In-Reply-To: <510FE164.6070502@wenks.ch>
References: <510FE164.6070502@wenks.ch>
Content-Type: text/plain; charset=ISO-8859-1
List-Id: "Security issues [members-only posting]"

On Mon, Feb 4, 2013 at 6:27 PM, Fabian Wenk wrote:
> A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial of
> Service" [1] on the Full-Disclosure mailing list. Is this a known issue to
> the FreeBSD community?
>
> [1] http://lists.grok.org.uk/pipermail/full-disclosure/2013-February/089583.html
>
> There are also many ftp.*.freebsd.org mirrors listed in the above-mentioned
> posting, so I also put freebsd-hubs@ into the recipient list. This will
> probably help ensure that ftp mirror operators are alerted and can take any
> action if needed.

I can confirm this is an issue on stable/9 r245742. Though I can hardly call
it a DoS, as normally the ftp account runs with well-defined ulimits and a
proper ftpd usage pattern does not generate much CPU usage, so you can keep
the limits pretty low and thus not be affected by the so-called "DoS".

Nevertheless, any ideas on how to fix our glob(3)?

Regards,
Alexandr.
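Kovalenko's point, that an ftp account running under tight ulimits blunts the CPU-exhaustion effect, is something a mirror operator can check rather than assume. The following is an added example, not code from this thread or from FreeBSD: a constructed login.conf(5) class for the ftp account and a small POSIX shell check that confirms the class actually sets the expected resource limits. The capability names cputime, maxproc, memoryuse, openfiles and filesize are real login.conf(5) limits; the sample values, the class_caps and check_limits helper names and the embedded SAMPLE_LOGIN_CONF text are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): a constructed login.conf(5) "ftp"
# class with resource limits, and a check that the class really sets them.
# cputime, maxproc, memoryuse, openfiles and filesize are real login.conf(5)
# capabilities; the values below are illustrative, not recommendations.
SAMPLE_LOGIN_CONF='default:\
    :passwd_format=sha512:\
    :umask=022:
ftp:\
    :cputime=120:\
    :maxproc=16:\
    :memoryuse=64M:\
    :openfiles=64:\
    :tc=default:'

# class_caps NAME: read login.conf text on stdin, join the backslash
# continuation lines of each record and print the record for class NAME
# with all whitespace removed, e.g. "ftp::cputime=120::maxproc=16:...".
class_caps() {
    awk -v cls="$1" '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # continued record
        {
            buf = buf $0
            gsub(/[ \t]/, "", buf)
            if (index(buf, cls ":") == 1) print buf
            buf = ""
        }'
}

# check_limits NAME CAP...: succeed (0) only if class NAME sets every CAP
# directly; print what is missing and return 1, or 2 if NAME is absent.
# Values inherited through tc= are deliberately not followed, so a limit
# that only exists in "default" still counts as missing for the ftp class.
check_limits() {
    cls="$1"; shift
    caps=$(printf '%s\n' "$SAMPLE_LOGIN_CONF" | class_caps "$cls")
    if [ -z "$caps" ]; then
        echo "login class '$cls' not found"
        return 2
    fi
    missing=""
    for cap in "$@"; do
        case "$caps" in
            *":$cap="*) ;;                # limit is set
            *) missing="$missing $cap" ;; # limit is absent
        esac
    done
    if [ -n "$missing" ]; then
        echo "login class '$cls' does not set:$missing"
        return 1
    fi
    return 0
}

# Usage: confirm the ftp class carries the limits that keep a misbehaving
# session from consuming the host.
check_limits ftp cputime maxproc memoryuse openfiles \
    && echo "ftp class: all required limits set"
```

On a real host the class lives in /etc/login.conf, is compiled with cap_mkdb /etc/login.conf, and is assigned to the account with pw usermod ftp -L ftp; ftpd(8) then applies the class's limits when it switches to that account. The check above only looks at capabilities set directly in the named class, not ones reached through tc=default, which is the conservative reading when the question is whether the ftp account itself is constrained.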