From: "Crist J. Clark"
Date: Mon, 20 Jan 2003 21:13:02 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/libexec/ftpd ftpd.c
Message-Id: <200301210513.h0L5D2DB061636@repoman.freebsd.org>
X-FreeBSD-CVS-Branch: HEAD

cjc         2003/01/20 21:13:02 PST

  Modified files:
    libexec/ftpd         ftpd.c
  Log:
  The FTP daemon was vulnerable to a DoS where an attacker could bind()
  up port 20 for an extended period of time and thus lock out all other
  users from establishing PORT data connections. Don't hold on to the
  bind() while we loop around waiting to see if we can make our
  connection.

  Being a DoS, it has security implications, giving it a short MFC
  time.

  MFC after: 1 day

  Revision  Changes    Path
  1.133     +26 -19    src/libexec/ftpd/ftpd.c
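
The pattern the log message describes, as an added C illustration (not the ftpd.c change itself, which this message does not include): the data socket is created and bound inside the retry loop and closed before every wait, so the local port is never held while sleeping. The names data_connect and port_released_after_failure are hypothetical, the loopback addresses are constructed for the check, and retrying only on EADDRINUSE is an assumption.

```c
#include <errno.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Hypothetical helper: returns a connected fd, or -1 with errno set. */
int data_connect(const struct sockaddr_in *local,
                 const struct sockaddr_in *peer, int tries, unsigned wait_s)
{
    int saved = EADDRINUSE;
    for (int i = 0; i < tries; i++) {
        int on = 1, s = socket(AF_INET, SOCK_STREAM, 0);
        if (s < 0) return -1;
        setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
        if (bind(s, (const struct sockaddr *)local, sizeof *local) == 0 &&
            connect(s, (const struct sockaddr *)peer, sizeof *peer) == 0)
            return s;              /* connected: caller owns the fd */
        saved = errno;
        close(s);                  /* give the port back before waiting */
        if (saved != EADDRINUSE || i + 1 == tries)
            break;                 /* assumption: only a busy address is retried */
        sleep(wait_s);             /* nothing is bound while we sleep */
    }
    errno = saved;
    return -1;
}

/* Constructed loopback check: 1 if the local port is free after a failure. */
int port_released_after_failure(void)
{
    struct sockaddr_in a[2] = {{0}};
    int t[2], s, ok;
    for (int i = 0; i < 2; i++) {  /* reserve two distinct ports, then free them */
        socklen_t n = sizeof a[i];
        a[i].sin_family = AF_INET;
        a[i].sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        t[i] = socket(AF_INET, SOCK_STREAM, 0);
        bind(t[i], (struct sockaddr *)&a[i], sizeof a[i]);
        getsockname(t[i], (struct sockaddr *)&a[i], &n);
    }
    close(t[0]);
    close(t[1]);
    if (data_connect(&a[0], &a[1], 3, 0) != -1) return 0;  /* nobody listens on a[1] */
    s = socket(AF_INET, SOCK_STREAM, 0);
    ok = bind(s, (struct sockaddr *)&a[0], sizeof a[0]) == 0;  /* no SO_REUSEADDR */
    close(s);
    return ok;
}

int main(void) { return !port_released_after_failure(); }
```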