[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DSS possible denial-of-service vulnerability

Subject: DSS possible denial-of-service vulnerability
From: Ian Steele <email@hidden>
Date: Tue, 10 Oct 2006 19:06:31 +0100
Delivered-to: email@hidden
Delivered-to: email@hidden

I seem to have found a way to  jam up DSS very easily...

I have an application I have written that lets me audition via rtsp
.mp4 audio only movies on my DSS server. This is simple and
works very well.

However....

I found that if I repeatedly click the same file name, I can open lots of connections to DSS. This results in one genuine connection that tries to play, and several 'stale' ones that will eventually time out after 2 minutes. The point is, I can keep clicking till I reach the user-limit, and then DSS will not let other users connect. In fact, it jams up even if there are only a few stale connections 'running'.

Perhaps someone else can see if they can duplicate this, as it
would seem to be a major problem.

I'm running DSS 5.53 under OS X 10.47. I have not modified it in
anyway.

regards,
Ian.

Ian Steele, Senior Engineer, National Film & TV School, UK.


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Streaming-server-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/streaming-server-users/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: DSS possible denial-of-service vulnerability
  - From: email@hidden
- RE: DSS possible denial-of-service vulnerability
  - From: "Mait Mandel" <email@hidden>

Prev by Date: Re: Playlists
Next by Date: Using QTSS with Axis 211A Cameras?
Previous by thread: Re: Playlists
Next by thread: RE: DSS possible denial-of-service vulnerability
Index(es):
- Date
- Thread

Home