Posadis Pthreads Detach Leak Local DoS

2003-12-23T00:00:00
ID OSVDB:3526
Type osvdb
Reporter OSVDB
Modified 2003-12-23T00:00:00

Description

Vulnerability Description

Posadis DNS server contains a flaw that allows a local attacker to create a denial of service that consumes available memory. The issue is due to the pthreads functions not properly deatching threads when they are closed down. An attacker can force the system to create a high number of threads to exhaust system resources and run the system out of memory.

Solution Description

Upgrade to version 1.0.2 (Current) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Note: Despite running 1.0.2, the version available on the web site has changes and should be re-downloaded and re-installed.

Short Description

Posadis DNS server contains a flaw that allows a local attacker to create a denial of service that consumes available memory. The issue is due to the pthreads functions not properly deatching threads when they are closed down. An attacker can force the system to create a high number of threads to exhaust system resources and run the system out of memory.

References:

Vendor URL: http://www.posadis.org/ Vendor Specific Advisory URL Related OSVDB ID: 3535 Related OSVDB ID: 3527