[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] FTPD DoS (x-posted to cobalt-users)

Subject: Re: [cobalt-security] FTPD DoS (x-posted to cobalt-users)
From: "Jonathan Michaelson" <michaelsonjd@xxxxxxxxxxx>
Date: Sat, 17 Mar 2001 10:38:14 -0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> Within the last few hours it's become clear theres a simple DoS in
> Cobalt's FTPd which causes the RaQ (2/3/4i) to shoot to 100% cpu load.
> Repeat the steps a few times (takes minutes to do) and the RaQ completely
> stops responding (well, it becomes so lagged its completely unusable at
> any rate), and you have to hit the reset switch.

There is now a published workaround which I've tested on both RaQ3'sand
RaQ4's:
http://bugs.proftpd.org/show_bug.cgi?id=1066

Basically, you need to add the follwing filter to your /etc/proftpd.conf
file with the <Global></Global> directive:

    DenyFilter   \*.*/

Don't forget to restart inetd too:
/etc/rc.d/init.d/inet restart


Regards,
Jonathan Michaelson

Follow-Ups:
- Re: [cobalt-security] FTPD DoS (x-posted to cobalt-users)
  - From: baltimoremd
- RE: [cobalt-security] FTPD DoS (x-posted to cobalt-users)
  - From: Chris Burton
- Re: [cobalt-security] FTPD DoS (x-posted to cobalt-users)
  - From: Gossi The Dog
- [cobalt-security] How to locate SUID = root files?
  - From: Michael Stauber

References:
- [cobalt-security] FTPD DoS
  - From: Gossi The Dog

Prev by Date: Re: [cobalt-security] local ftp and pop3 logins
Next by Date: Re: [cobalt-security] FTPD DoS (x-posted to cobalt-users)
Previous by thread: [cobalt-security] FTPD DoS
Next by thread: Re: [cobalt-security] FTPD DoS (x-posted to cobalt-users)

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index