oss-sec mailing list archives
Re: remote DoS via CPU exhaustion in anon FTP server glob expansion
From: Russ Cox <rsc () swtch com>
Date: Mon, 8 May 2017 09:10:12 -0400
On Mon, Apr 24, 2017 at 10:06 AM, Russ Cox <rsc () swtch com> wrote:
Due to the widespread but limited ("only" CPU exhaustion) nature ofthe problem, I have not attempted any embargoed prenotification. I will forward this note directly to product-security () apple com and bugs () pureftpd org. I filled out the "DWF Open Source Request Form v2" for a CVE number for the generic problem, and I will reply here when I receive the number.
FYI, over the weekend I received notification (two weeks after applying) that DWF has declined to issue a CVE number for this general problem. Interested parties will have to obtain their own CVE numbers for specific products. Russ
Current thread:
- remote DoS via CPU exhaustion in anon FTP server glob expansion Russ Cox (Apr 24)
- Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Bob Friesenhahn (Apr 24)
- Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Russ Cox (May 08)
- Re: Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Kurt Seifried (May 08)