This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: DoS in RPC implementation (CVE-2011-4069)


On Wed, 6 Jun 2012 18:25:21 +0200, Aurelien wrote:
> Here it is. It's basically the same patch as included in the RedHat
> package, rebased on the current git, and with the indentation fixed.
> 
> The goal of this patch is to fix a denial of service flaw found in the
> remote procedure call (RPC) implementation in glibc. A remote attacker
> able to open a large number of connections to an RPC service that is 
> using the RPC implementation from glibc, could use this flaw to make 
> that service use an excessive amount of CPU time.

Aurelien, can you please follow up on Roland's comments on this:

http://sourceware.org/ml/libc-alpha/2012-06/msg00207.html


Thanks,
Siddhesh


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]