
Possibility of Denial of Service in dictd?


I noticed that using the dict regular expression search feature, it is
possible to get extremely large amounts of data from a server with dictd
running, for example `dictd -s regexp [a-z]` would return the entire
dictionary (assuming that all headwords contained a lower case letter).

My concern is that for larger dictionaries, an attacker could repeatedly
make requests for significant portions of the dictionary, thus leading
to denial of service. This could potentially be mitigated by imposing a
limit on the amount of data that can be sent per request.

Yours sincerely,

Riley Baird

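The following is an added illustration, not code from the message above and not dictd's own implementation. It models a DICT-protocol (RFC 2229 style) `MATCH ... re` handler over a constructed headword list, once without any limit, reproducing the behaviour the post describes where a pattern like `[a-z]` returns nearly the whole index, and once with a per-request byte cap of the kind the post suggests as a mitigation. The database name `toy`, the `max_bytes` parameter, the `[truncated]` status text and the sample headwords are all assumptions made for the example.

```python
import re

# Assumed database name for the example responses.
DB = "toy"

# Constructed sample headwords standing in for a dictionary index (not real dictd data).
HEADWORDS = [
    "aardvark", "abacus", "binary", "cipher", "daemon", "entropy", "firewall",
    "gateway", "hash", "integer", "jitter", "kernel", "latency", "malware",
    "nonce", "overflow", "packet", "quota", "regexp", "socket", "token",
    "uptime", "vector", "worm", "xor", "yield", "zero-day", "42", "ICMP",
]


def match_re(headwords, pattern, max_bytes=None):
    """Simulate 'MATCH <db> re <pattern>'. Returns (response_text, truncated).

    max_bytes=None reproduces the unbounded behaviour: every matching headword
    is returned.  With a cap, the scan stops as soon as the next match line
    would push the body past max_bytes, so one request can never pull more
    than roughly that many bytes off the server.
    """
    rx = re.compile(pattern)
    body = []
    body_bytes = 0
    truncated = False
    for hw in headwords:
        if not rx.search(hw):
            continue
        line = f'{DB} "{hw}"\r\n'
        if max_bytes is not None and body_bytes + len(line.encode()) > max_bytes:
            truncated = True
            break
        body.append(line)
        body_bytes += len(line.encode())
    if not body:
        return "552 no match\r\n", False
    # The "[truncated]" marker is assumed wording; RFC 2229 allows free text after 250.
    status = "250 ok" + (" [truncated]" if truncated else "")
    resp = f"152 {len(body)} matches found\r\n" + "".join(body) + ".\r\n" + status + "\r\n"
    return resp, truncated


def amplification(request, response):
    """Bytes returned per byte sent: the ratio an attacker repeating the request would exploit."""
    return len(response.encode()) / len(request.encode())


def demo(max_bytes=100):
    """Compare the unbounded and capped responses for the '[a-z]' pattern from the post."""
    req = f"MATCH {DB} re [a-z]\r\n"
    unbounded, _ = match_re(HEADWORDS, "[a-z]")
    capped, trunc = match_re(HEADWORDS, "[a-z]", max_bytes=max_bytes)
    return {
        "unbounded_bytes": len(unbounded.encode()),
        "unbounded_amplification": amplification(req, unbounded),
        "capped_bytes": len(capped.encode()),
        "capped_truncated": trunc,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run as a script, `demo()` shows the unbounded `[a-z]` request returning every headword that contains a lowercase letter (27 of the 29 here), while the capped variant stops after the first 100 bytes of body and flags the truncation in the status line, which lets a legitimate client narrow its pattern rather than silently lose results.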