Great Circle Associates Majordomo-Workers
(October 1997)
 


Subject: Re: multiple lists commands attack --> majordomo vulnerabity?
From: Jason L Tibbitts III <tibbs @ hpc . uh . edu>
Date: 31 Oct 1997 12:42:53 -0600
To: majordomo-workers @ greatcircle . com
In-reply-to: Marko Hotti's message of Fri, 31 Oct 1997 07:59:46 +0200 (EET)
References: <Pine.LNX.3.96.971031074404.7285N-100000@lists.oulu.fi>

>>>>> "MH" == Marko Hotti <mhotti@lists.oulu.fi> writes:

MH> The other mailing list server I'm running and administering at the
MH> moment was attacked by some idiot who had sent about 50 subsequent
MH> messages to the majordomo address - each message containing +100 lines
MH> of the majordomo command 'lists'.

For some reason I neglected to notice that there were multiple commands in
a single message.  John L. already posted a solution that works for 1.9x; I
can't do something quite that naive for 2.0 because doing a full list
reconfiguration might take a huge number of commands.

I suppose a per-transaction limit should be imposed by the core and should
limit unapproved commands.  I'll have to think about it some more.

 - J<
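
The per-transaction limit discussed in this message, sketched as an added example; it is not Majordomo code and not part of the original post. It assumes a simplified command model: the names `process_message` and `MAX_UNAPPROVED`, the cap of 5, the `approve <password> <command>` prefix, and stopping at `end` or a line starting with a hyphen are all assumptions made for illustration. Unapproved commands are capped per message, while approved commands are not counted, so a long owner reconfiguration batch still goes through.

```python
import hmac

MAX_UNAPPROVED = 5  # assumed per-message cap on unapproved commands


def process_message(body, list_password, max_unapproved=MAX_UNAPPROVED):
    """Return (accepted_commands, dropped_count) for one inbound message.

    Commands carrying a valid 'approve <password>' prefix bypass the cap.
    Failed approvals and plain commands both consume the unapproved budget.
    """
    accepted, dropped, unapproved = [], 0, 0
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "end" or line.startswith("-"):
            break  # explicit end of commands, or start of a signature
        words = line.split()
        if words[0] == "approve":
            valid = len(words) >= 3 and hmac.compare_digest(
                words[1].encode(), list_password.encode())
            if valid:
                accepted.append(" ".join(words[2:]))
            else:
                unapproved += 1  # bad approvals are never executed
                dropped += 1
            continue
        unapproved += 1
        if unapproved > max_unapproved:
            dropped += 1  # over budget: count it, do no further work
        else:
            accepted.append(line)
    return accepted, dropped


if __name__ == "__main__":
    # Constructed inputs: a flood like the one reported, and an owner batch.
    flood = "lists\n" * 100
    owner = "\n".join(f"approve s3cret set option{i} 1" for i in range(200))
    print(len(process_message(flood, "s3cret")[0]),
          process_message(flood, "s3cret")[1])
    print(len(process_message(owner, "s3cret")[0]))
```
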

