Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL - Mailing list pgsql-hackers

From Sir Mordred The Traitor
Subject Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL
Date
Msg-id 3d6a49ce.4b9ea323@s-mail.com
Whole thread Raw
In response to @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL  (Sir Mordred The Traitor <mordred@s-mail.com>)
Responses Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL
List pgsql-hackers
>Hey, if I can connect to postmaster I can DoS it quite easily, but
flooding it
>with connection requests.....

Hm, that's true of course, but now i will do this with a couple of
connections.
Lets say, bot on a owned machine, connects to a database, 
send a crafted packet,
postgresql will allocate a huge amount of memory, and will be 
happy to read anything it recvs from my bot.



________________________________________________________________________
This letter has been delivered unencrypted. We'd like to remind you that
the full protection of e-mail correspondence is provided by S-mail
encryption mechanisms if only both, Sender and Recipient use S-mail.
Register at S-mail.com: http://www.s-mail.com/inf/en


pgsql-hackers by date:

Previous
From: Stephan Szabo
Date:
Subject: Re: Deadlock situation using foreign keys (reproduceable)
Next
From: "Mario Weilguni"
Date:
Subject: Re: Deadlock situation using foreign keys (reproduceable)