Sam Hartman <hartm...@debian.org> writes:

> I assume this goes back to squeeze as well.

The bug is as old as the file it's in.

> Shouldn't the severity be higher? This seems probably worth a DSA
> because such ping-pong attacks can really be bad for a network/server.
> Or am I missing mitigations?
>
> I'd be happy to work on packages.

Some limited testing indicates that when the packet storm is confined to a single host, legitimate kpasswd and kadm5 requests can still get through, and the CPU usage pegs at about 70%. I haven't tested with multiple hosts involved.

Mitigations include blocking specific source ports on inbound UDP packets.