#74 closed defect (fixed)
Possible local DoS for yule on some BSD systems
Reported by: | anonymous | Owned by: | rainer |
---|---|---|---|
Priority: | major | Milestone: | 2.3.6 |
Component: | main | Version: | |
Keywords: | Cc: |
Description
On BSD systems that lack the getpeereid() library routine, a local attacker may perform a DoS attack on yule if the unix command socket is used (option SetUseSocket=yes). A local user might fill up the file descriptor table by sending fds over the socket (reported by Rob Holland). Note that FreeBSD has getpeereid() since 4.6, OpenBSD since 3.0.
Note:
See TracTickets
for help on using tickets.
Fixed in changeset [118].