[Midnightbsd-cvs] src: glob.c: A recently security vulnerability was reported in glob
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Fri Oct 8 12:33:29 EDT 2010
Log Message:
-----------
A recently security vulnerability was reported in glob memory limit handling. It allows for remote dos attacks on ftp and sftp servers among other things.
Add new limits based on a patch from DragonFly and NetBSD.
Note there are still issues here:
1. No man page changes yet.
2. sftp has not been fully patched yet.
Modified Files:
--------------
src/lib/libc/gen:
glob.c (r1.2 -> r1.3)
(http://cvsweb.midnightbsd.org/src/lib/libc/gen/glob.c?r1=1.2&r2=1.3)
More information about the Midnightbsd-cvs
mailing list