This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: DoS in RPC implementation (CVE-2011-4069)
- From: Siddhesh Poyarekar <siddhesh at redhat dot com>
- To: Aurelien Jarno <aurelien at aurel32 dot net>
- Cc: "Carlos O'Donell" <carlos_odonell at mentor dot com>, Jeff Law <law at redhat dot com>, libc-alpha at sourceware dot org, Martin Osvald <mosvald at redhat dot com>
- Date: Fri, 19 Oct 2012 08:54:48 +0530
- Subject: Re: DoS in RPC implementation (CVE-2011-4069)
- References: <20120602201911.GA7099@volta.aurel32.net> <4FCBE9AE.3030808@mentor.com> <20120604121437.78f05d62@spoyarek> <4FCCD40F.3060909@mentor.com> <20120606162521.GA20961@volta.aurel32.net>
On Wed, 6 Jun 2012 18:25:21 +0200, Aurelien wrote:
> Here it is. It's basically the same patch as included in the Red Hat
> package, rebased on the current git, and with the indentation fixed.
>
> The goal of this patch is to fix a denial of service flaw found in the
> remote procedure call (RPC) implementation in glibc. A remote attacker
> able to open a large number of connections to an RPC service that is
> using the RPC implementation from glibc could use this flaw to make
> that service use an excessive amount of CPU time.
Aurelien, can you please follow up on Roland's comments on this:
http://sourceware.org/ml/libc-alpha/2012-06/msg00207.html
Thanks,
Siddhesh