Issue #13553 has been updated by Matthaus Litteken. Target version set to 2.7.13 Private changed from Yes to No
---------------------------------------- Bug #13553: Puppet master can be cause to read data until it is out of memory https://projects.puppetlabs.com/issues/13553#change-60333 Author: Andrew Parker Status: Closed Priority: High Assignee: Andrew Parker Category: security Target version: 2.7.13 Affected Puppet version: Keywords: Branch: Using the symlink attack described in Bug #13511 the puppet master can be caused to read from a stream (e.g. /dev/random) when either trying to save a file or read a file. Because of the way in which the puppet master deals with sending files on the filesystem to a remote system via a REST request the thread handling the request will block forever reading from that stream and continually consuming more memory. This can lead to the puppet master system running out of memory and cause a denial of service. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
