On Sun, Oct 3, 2010 at 18:30, Alan T DeKok <aland@freeradius.org> wrote:
> Tom Lane wrote:
>> Hm ... seems to me that is a network security problem, not our problem.
>> Who's to say one of the spoofed packets won't pass verification?
>
> =A0The packets are signed with a shared key. =A0Passing verification means
> either the attacker knows the key, or the attacker has broken MD5 in
> ways that are currently unknown.
>
>> If you want to change it, I won't stand in the way, but I have real
>> doubts about both the credibility of this threat and the usefulness
>> of the proposed fix.
>
> =A0The credibility of the threat is high. =A0Anyone can trivially send a
> packet which will cause authentication to fail. =A0This is a DoS attack.
I don't agree about how high it is - unless I misunderstand the
wording. You still need to have unfiltered access to the network that
the database server is on (unlikely) and you need to guess/bruteforce
the port (using bruteforce not really hard, but likely to be detected
by an IDS pretty quickly)
It is definitely an opportunity for a DoS attack though, so it should be fi=
xed.
I find your suggested patches kind of hard to read posted inline that
way - any chance you can repost as attachment or publish it as a git
repository I can fetch from?
--=20
=A0Magnus Hagander
=A0Me: http://www.hagander.net/
=A0Work: http://www.redpill-linpro.com/