The Register: OpenBSD exploit gets serious
Dec 20, 2000, 18:00 (19 Talkback[s])
(Other stories by John Leyden)
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
"An esoteric buffer overflow bug in OpenBSD has been upgraded in
importance after it was discovered that, in certain conditions, it
could allow a cracker to gain remote access to a server."
"Users are recommended to apply a patch to fix the one-byte
buffer overflow vulnerability present in an OpenBSD service called
ftpd(8). The issue particularly affects non-anonymous FTP (File
Transfer Protocol) servers, and administrators of these services
are also been encouraged to use more secure transport
"For a system to be vulnerable, ftpd must have been enabled by
the administrator because by default OpenBSD ships with the service
turned off - though it is a frequently used service."