Re: Iperf 2.0.2 released

To: Iperf Users <iperf-users --at-- dast.nlanr.net>
Subject: Re: Iperf 2.0.2 released
From: "John S. Estabrook" <jestabro --at-- ncsa.uiuc.edu>
Date: Tue, 3 May 2005 15:43:21 -0500 (CDT)
Content-type: TEXT/PLAIN; charset=US-ASCII
In-reply-to: <4277DFE7.40306 --at-- nersc.gov>
Reply-to: iperf-users --at-- dast.nlanr.net
Sender: owner-iperf-users --at-- dast.nlanr.net

Regarding the mention of a "buffer overflow", this is _not_ a known
security issue; here was the problem, as stated in Hans Blom's email to
the list:

" However, there still is an issue that could also be found in previous
Iperf versions. At Linux "unsigned long" appears to be used for the
"max_size_t", resulting in an Integer overflow at very high bandwidths: "

So, I guess one could stage an attack by giving you a great deal of
bandwidth, and forcing you to use it, but otherwise there should be no 
cause for concern.

On Tue, 3 May 2005, Eli Dart wrote:

> ... 
> What buffer overflow?  Does this have security implications?  I may
> just be asleep, but I don't remember seeing anything about this....
> 
> 		--eli
> ...

-- 
John S. Estabrook
jestabro --at-- ncsa.uiuc.edu
jestabro --at-- dast.nlanr.net

References:
- Re: Iperf 2.0.2 released
  - From: Eli Dart

Prev by Date: Re: Iperf 2.0.2 released
Next by Date: Clarification on 2.0.2
Previous by thread: Re: Iperf 2.0.2 released
Next by thread: Clarification on 2.0.2

Other Mailing lists | Author Index | Date Index | Subject Index | Thread Index