Date: Mon, 8 May 2017 09:10:12 -0400
From: Russ Cox <rsc@...ch.com>
To: oss-security@...ts.openwall.com
Subject: Re: remote DoS via CPU exhaustion in anon FTP server glob expansion

On Mon, Apr 24, 2017 at 10:06 AM, Russ Cox <rsc@...ch.com> wrote:
> Due to the widespread but limited ("only" CPU exhaustion) nature of
> the problem, I have not attempted any embargoed prenotification.
> I will forward this note directly to product-security@...le.com and
> bugs@...eftpd.org. I filled out the "DWF Open Source Request Form v2"
> for a CVE number for the generic problem, and I will reply here when
> I receive the number.

FYI, over the weekend I received notification (two weeks after applying)
that DWF has declined to issue a CVE number for this general problem.
Interested parties will have to obtain their own CVE numbers for specific
products.

Russ
