Bug 204063 - media-sound/mt-daapd <= 0.2.4.1 remote DoS
Summary: media-sound/mt-daapd <= 0.2.4.1 remote DoS
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-02 15:07 UTC by Carsten Lohrke (RETIRED)
Modified: 2013-09-03 01:59 UTC

See Also:
Package list:
Runtime testing required: ---


Description Carsten Lohrke (RETIRED) gentoo-dev 2008-01-02 15:07:03 UTC
I have seen bug 200110, but Luigi Auriemma's advisory seems to be another issue.

C] duplicated HTTP parameter Denial of Service
D] CPU at 100% with partial queries

http://aluigi.altervista.org/adv/fireflyz-adv.txt
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-06 22:23:49 UTC
According to the advisory, this will be fixed in the next release.
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2008-07-07 19:37:07 UTC
It appears that 0.2.4.2 is still affected by the duplicate parameter issue; at least the PoC took the CPU to 100% a few times.
Can someone verify this, please?
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-11-26 18:19:20 UTC
Upstream states:

Item C I can replicate against both stable code and current svn.

> D] CPU at 100% with partial queries

This I can't replicate against stable code, or on current svn. It likely represents an issue in some version of svn, although socket handling and timeout stuff has been in flux lately, so I'm not sure what version this represents an issue with.