subject:"\[Ganglia\-developers\] patches for\: \[Sec\] Gmetad server BoF and network overload \+ \[Feature\] multiple requests per conn on interactive port"

Re: [Ganglia-developers] patches for: [Sec] Gmetad server BoF and network overload + [Feature] multiple requests per conn on interactive port

2009-01-18 Thread Carlo Marcelo Arenas Belon

On Tue, Jan 13, 2009 at 11:41:19PM +0800, Spike Spiegel wrote: === DoS attacks 1) Given REQUESTLEN=2048, and 3 characters to be the minimum to craft a valid and nonexistent path /x, with the above feature implemented it would be possible to trigger 2048/3 calls to process_path which would

Re: [Ganglia-developers] patches for: [Sec] Gmetad server BoF and network overload + [Feature] multiple requests per conn on interactive port

2009-01-14 Thread Jesse Becker

Committed to trunk for testing, r1946. On Tue, Jan 13, 2009 at 10:41, Spike Spiegel fsm...@gmail.com wrote: Hi, I wanted to add a feature to gmetad so that it was possible to request multiple items per connection on the interactive port, and while doing so I uncovered a buffer overflow