Opened 17 years ago

Closed 17 years ago

Last modified 8 years ago

#74 closed defect (fixed)

Possible local DoS for yule on some BSD systems

Reported by: anonymous Owned by: rainer
Priority: major Milestone: 2.3.6
Component: main Version:
Keywords: Cc:

Description

On BSD systems that lack the getpeereid() library routine, a local attacker may perform a DoS attack on yule if the unix command socket is used (option SetUseSocket=yes). A local user might fill up the file descriptor table by sending fds over the socket (reported by Rob Holland). Note that FreeBSD has getpeereid() since 4.6, OpenBSD since 3.0.

Change History (1)

comment:1 by rainer, 17 years ago

Resolution: fixed
Status: newclosed

Fixed in changeset [118].

Note: See TracTickets for help on using tickets.