Home > mailing lists

Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL - Mailing list pgsql-hackers

From	Sir Mordred The Traitor
Subject	Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL
Date	August 26, 2002 14:31:24
Msg-id	3d6a49ce.4b9ea323@s-mail.com Whole thread Raw
In response to	@(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL (Sir Mordred The Traitor <mordred@s-mail.com>)
Responses	Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL (Þórhallur Hálfdánarson <tolli@tol.li>)
List	pgsql-hackers

Tree view

>Hey, if I can connect to postmaster I can DoS it quite easily, but
flooding it
>with connection requests.....

Hm, that's true of course, but now i will do this with a couple of
connections.
Lets say, bot on a owned machine, connects to a database, 
send a crafted packet,
postgresql will allocate a huge amount of memory, and will be 
happy to read anything it recvs from my bot.



________________________________________________________________________
This letter has been delivered unencrypted. We'd like to remind you that
the full protection of e-mail correspondence is provided by S-mail
encryption mechanisms if only both, Sender and Recipient use S-mail.
Register at S-mail.com: http://www.s-mail.com/inf/en

pgsql-hackers by date:

From: Stephan Szabo
Date: 26 August 2002, 14:29:09
Subject: Re: Deadlock situation using foreign keys (reproduceable)

From: "Mario Weilguni"
Date: 26 August 2002, 14:31:43
Subject: Re: Deadlock situation using foreign keys (reproduceable)

Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL - Mailing list pgsql-hackers

Previous

Next