Bug in gpm

[cadence () APOLLO ACI COM PL (Tomasz Grabowski)]

Hello.

More than 6 months ago I discovered some kind of DoS bug in gpm shipped
with RedHat 6.1
(propably others).
Regular user can simply DoS the gpm or (in several circumstances) the
whole system.

In general the problem is that /dev/gpmctl uses STREAM and You can flood
it with many faked connections.

One week ago RedHat announced that the bug is *FIXED* now and everyone can
download a new version of this package from redhat-rawhide
(/pub/Linux/redhat-rawhide/i386/RedHat/RPMS/gpm-1.19.2-1.i386.rpm),
so I decided to drop a note here.
The funny thing is that I couldn't find info about it in ChangeLog of this
package...

If You want to play with it try attached code.

___
Tomasz Grabowski [Akademickie Centrum Informatyki] {CADENCE of Lam3rZ}
The progress only comes through struggle...

<HR NOSHADE>
<UL>
<LI>TEXT/PLAIN attachment: fgpm.c
</UL>