The Register: OpenBSD exploit gets serious
Dec 20, 2000, 18:00 (19 Talkback[s])
(Other stories by John Leyden)
Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame
"An esoteric buffer overflow bug in OpenBSD has been upgraded in
importance after it was discovered that, in certain conditions, it
could allow a cracker to gain remote access to a server."
"Users are recommended to apply a patch to fix the one-byte
buffer overflow vulnerability present in an OpenBSD service called
ftpd(8). The issue particularly affects non-anonymous FTP (File
Transfer Protocol) servers, and administrators of these services
are also been encouraged to use more secure transport
"For a system to be vulnerable, ftpd must have been enabled by
the administrator because by default OpenBSD ships with the service
turned off - though it is a frequently used service."