Date: Thu, 01 Aug 2002 21:29:40 +1100 (EDT)
From: "Paul Smedley"
Subject: [VOICENWS] SW: FtpServer 1.05

From: "Peter Moylan"

A socket leak has been discovered in FtpServer. (Actually, it was reported some time ago, but until recently I was never able to reproduce it.) It happens when a client uses passive ftp and then attempts to do an illegal operation. This is probably not a problem on small-traffic sites, but could cause serious problems if you have a heavily-used server, and most particularly if you are being attacked by hackers trying to find ways to break into your site. In such cases your system will eventually run out of available sockets, effectively blocking all network operations.

Accordingly, users of FtpServer are strongly advised to upgrade to version 1.05, which can be found at

    http://eepjm.newcastle.edu.au/os2/ftpserver.html

or at

    ftp://eepjm.newcastle.edu.au/software/ftpser105.zip

LIST OF CHANGES (since version 1.00)

Version 1.05
    Fixed a crash on hacker attempt to create impossible directory.
    Fixed a socket leak in passive mode.
    Change to way nameserver lookup is done, for better performance in the case of a denial-of-service attack.
    Added logging of soclose() failures.

Peter Moylan

--
Peter Moylan    peteratee.newcastle.edu.au
http://eepjm.newcastle.edu.au
PCMCIA (People Can't Memorize Computer Industry Acronyms)
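Added example, not part of the announcement and not FtpServer's own code: a small Python model of the class of bug described above, where a passive-mode listener is opened and the following command is refused. All names are hypothetical, and the assumed mechanism (the rejection path dropping its handle without closing the socket) is an illustration only, since the announcement does not describe the actual defect.

```python
import socket

OPENED = []  # every socket created; holds references, as in a server without GC


class Session:
    """One FTP control connection (hypothetical model, constructed for this example)."""

    def __init__(self, readable, close_on_reject):
        self.readable = set(readable)
        self.close_on_reject = close_on_reject
        self.pasv = None  # listener created by PASV, awaiting the data connection

    def _release_pasv(self):
        if self.pasv is not None:
            self.pasv.close()
            self.pasv = None

    def pasv_cmd(self):
        self._release_pasv()  # a second PASV must not orphan the first listener
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("127.0.0.1", 0))  # loopback, ephemeral port
        s.listen(1)
        OPENED.append(s)
        self.pasv = s
        return "227 passive port %d" % s.getsockname()[1]

    def retr_cmd(self, path):
        if path not in self.readable:
            if self.close_on_reject:
                self._release_pasv()  # fixed: the rejection path frees the listener
            else:
                self.pasv = None  # leaky: handle forgotten, descriptor stays open
            return "550 permission denied"
        self._release_pasv()  # data transfer omitted; the listener is finished
        return "226 transfer complete"


def open_sockets():
    """Count sockets that were created and never closed."""
    return sum(1 for s in OPENED if s.fileno() != -1)


def run_rejected_requests(n, close_on_reject):
    """Issue n PASV + refused RETR pairs; return how many descriptors remain open."""
    before = open_sockets()
    sess = Session(readable={"/pub/readme.txt"}, close_on_reject=close_on_reject)
    for _ in range(n):
        sess.pasv_cmd()
        sess.retr_cmd("/not/permitted")
    return open_sockets() - before
```

In the leaky variant each refused request costs one descriptor, so the count grows linearly with the number of rejected requests until the process or system limit is reached.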