Opened 14 years ago

Closed 14 years ago

Last modified 5 years ago

#74 closed defect (fixed)

Possible local DoS for yule on some BSD systems

Reported by: anonymous Owned by: rainer
Priority: major Milestone: 2.3.6
Component: main Version:
Keywords: Cc:


On BSD systems that lack the getpeereid() library routine, a local attacker may perform a DoS attack on yule if the unix command socket is used (option SetUseSocket?=yes). A local user might fill up the file descriptor table by sending fds over the socket (reported by Rob Holland). Note that FreeBSD has getpeereid() since 4.6, OpenBSD since 3.0.

Change History (1)

comment:1 Changed 14 years ago by rainer

Resolution: fixed
Status: newclosed

Fixed in changeset [118].

Note: See TracTickets for help on using tickets.