This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: DoS in RPC implementation (CVE-2011-4069)

From: Siddhesh Poyarekar <siddhesh at redhat dot com>
To: Aurelien Jarno <aurelien at aurel32 dot net>
Cc: "Carlos O'Donell" <carlos_odonell at mentor dot com>, Jeff Law<law at redhat dot com>, libc-alpha at sourceware dot org, Martin Osvald<mosvald at redhat dot com>
Date: Fri, 19 Oct 2012 08:54:48 +0530
Subject: Re: DoS in RPC implementation (CVE-2011-4069)
References: <20120602201911.GA7099@volta.aurel32.net><4FCBE9AE.3030808@mentor.com><20120604121437.78f05d62@spoyarek><4FCCD40F.3060909@mentor.com><20120606162521.GA20961@volta.aurel32.net>

On Wed, 6 Jun 2012 18:25:21 +0200, Aurelien wrote:
> Here it is. It's basically the same patch as included in the RedHat
> package, rebased on the current git, and with the indentation fixed.
> 
> The goal of this patch is to fix a denial of service flaw found in the
> remote procedure call (RPC) implementation in glibc. A remote attacker
> able to open a large number of connections to an RPC service that is 
> using the RPC implementation from glibc, could use this flaw to make 
> that service use an excessive amount of CPU time.

Aurelien, can you please follow up on Roland's comments on this:

http://sourceware.org/ml/libc-alpha/2012-06/msg00207.html


Thanks,
Siddhesh

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]