Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#4 Security fixes for denial of service attacks

open
nobody
None
9
2006-08-04
2006-08-04
Manuel Moos
No

This fixes the recently discovered security problems.

0.2.8.X and 0.3.0 are affected by:
- A forged client can request too many network object
ID numbers from the client, freezing it
- A clumsy remote administrator can issue commands
that produce too much output, freezing the server

All versions are affected by:
- A forged client can send network objects with wrong
owner information, crashing/terminating the server

The patch for 0.2.6 is yet untested, the current
client can't connect to a 0.2.6 server on the LAN.

Discussion

  • Manuel Moos
    Manuel Moos
    2006-08-04

    Logged In: YES
    user_id=34808

    Patch for 0.2.7.1

     
  • Manuel Moos
    Manuel Moos
    2006-08-05

    Logged In: YES
    user_id=34808

    The 0.2.6 patch was tested with an modified 0.2.6 client as
    the attacker and worked fine.