Contributed by jason on from the one-more-reason-to-use-sftp dept.
A cross-site request forgery attack on ftpd was discovered by SecurityReason's Maksymilian Arciemowic, affecting all the BSDs. The OpenBSD team was first to have fixes for it (see extern.h, ftpcmd.y, and ftpd.c).
The commit can also be found in the archives.
(Comments are closed)