Date: Mon, 8 May 2017 09:10:12 -0400
From: Russ Cox <rsc@...ch.com>
To: oss-security@...ts.openwall.com
Subject: Re: remote DoS via CPU exhaustion in anon FTP server glob expansion

On Mon, Apr 24, 2017 at 10:06 AM, Russ Cox <rsc@...ch.com> wrote:
>
> Due to the widespread but limited ("only" CPU exhaustion) nature of
> the problem, I have not attempted any embargoed prenotification.
> I will forward this note directly to product-security@...le.com and
> bugs@...eftpd.org. I filled out the "DWF Open Source Request Form v2"
> for a CVE number for the generic problem, and I will reply here when
> I receive the number.

FYI, over the weekend I received notification (two weeks after applying)
that DWF has declined to issue a CVE number for this general problem.
Interested parties will have to obtain their own CVE numbers for
specific products.

Russ