commit e4569a0961ff9f059b9ae71327d291cf95399597 Author: Bodo Stroesser bstroesser@ts.fujitsu.com Date: Wed Nov 12 09:43:29 2014 -0500
rpc.mountd: set libtirpc nonblocking mode to avoid DOS
In works fine in that it removes the vulnerability against
a DOS attack. rpc.mountd can be blocked by a bad client,
that sends many RPC requests but never reads the responses.
This might happen intentionally or caused by a wrong network
config (MTU). The patch switches on the nonblocking mode of
libtirpc. In that mode writes can block for a max of 2
seconds. Attackers are forced to send requests slower, as
libtirpc will close a connection if it finds two requests to
read at the same time.
Please login to add feedback.
This update has been submitted for testing by steved.
Please Note: To stop this DOS the libtirpc-0.2.5-1.0.fc21 has to be installed which is currently in testing
Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/12435/steps/runtask/logs/stdio (results are informative only)
Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/12435/steps/runtask/logs/stdio (results are informative only)
This update is currently being pushed to the Fedora 21 testing updates repository.
This update has been pushed to testing
Works for me
This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes
This update has been obsoleted by https://admin.fedoraproject.org/updates/nfs-utils-1.3.1-2.2.fc21