[Freeipa-devel] [PATCH 0085] Limit request sizes to /KdcProxy

Nathaniel McCallum npmccallum at redhat.com
Wed Jul 22 18:44:07 UTC 2015


On Wed, 2015-07-22 at 14:38 -0400, Nathaniel McCallum wrote:
> On Wed, 2015-07-22 at 20:34 +0200, Christian Heimes wrote:
> > On 2015-07-22 20:23, Nathaniel McCallum wrote:
> > > Related: CVE-2015-5159
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=1245200
> > 
> > The patch prevents a flood attack but I consider it more a workaround
> > than a solution. I'll update kdcproxy tomorrow.
> 
> The problem is that while we can provide a sane default, special
> applications might require different sizes (either smaller or larger).
> I think this fix is acceptable since it keeps the solution entirely
> within the configuration domain.

Also, this method comes with free documentation. :)

Nathaniel



