Gentoo alert 200407-04 (pure-ftpd)
| From: | Thierry Carrez <koon@gentoo.org> | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 200407-04 ] Pure-FTPd: Potential DoS when maximum connections is reached | |
| Date: | Sun, 04 Jul 2004 21:45:26 +0200 | |
| Cc: | bugtraq@securityfocus.com, full-disclosure@lists.netsys.com, security-alerts@linuxsecurity.com |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200407-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Pure-FTPd: Potential DoS when maximum connections is reached Date: July 04, 2004 Bugs: #54590 ID: 200407-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Pure-FTPd contains a bug potentially allowing a Denial of Service attack when the maximum number of connections is reached. Background ========== Pure-FTPd is a fast, production-quality and standards-compliant FTP server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-ftp/pure-ftpd <= 1.0.18 >= 1.0.18-r1 Description =========== Pure-FTPd contains a bug in the accept_client function handling the setup of new connections. Impact ====== When the maximum number of connections is reached an attacker could exploit this vulnerability to perform a Denial of Service attack. Workaround ========== There is no known workaround at this time. All users are encouraged to upgrade to the latest available version. Resolution ========== All Pure-FTPd users should upgrade to the latest stable version: # emerge sync # emerge -pv ">=net-ftp/pure-ftpd-1.0.18-r1" # emerge ">=net-ftp/pure-ftpd-1.0.18-r1" References ========== [ 1 ] Pure-FTPd website http://www.pureftpd.org Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200407-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2004 Gentoo Technologies, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/1.0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA6F5WvcL1obalX08RAvu6AJ9YGZ55W44TfnJ04d6SW/zynBLAUwCfRXkx fq1wAuhM5oqWwrCtSc25hNk= =Pzab -----END PGP SIGNATURE-----
(Log in to post comments)