The fix is included in geth version `1.12.1-stable`, i.e, `1.12.2-unstable` and onwards. A vulnerable node, can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. Go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "add_white_node," This issue has been addressed in versions 5.0.9 and 5.1.3. The time frame for this is limited to the configured session lifetime, starting from the time when the user logged out. However, if the session becomes compromised later, it can still be used to perform API requests against the Graylog cluster. After a user has logged out, the UI shows the login screen again, which gives the user the impression that their session is not valid anymore. If the session update is however prevented by setting the `X-Graylog-No-Session-Extension:true` header in the request, the node will consider the (cached) session valid until the session is expired according to its timeout setting. This is true for most API requests originating from user interaction with the Graylog UI because these will lead to an update of the session's "last access" timestamp. They will then notice that the session is gone. These nodes will only fail to accept the session id if they intent to update the session in the database. The other nodes will however still use the cached session. When the user logs out, the session is removed from the node-local cache and deleted from the database. However, each node maintains their isolated version of the session.
Modifications to sessions will update the cached version as well as the session persisted in the database.
After that, the node operates solely on the cached session. Upon a cache-miss, the session is loaded from the database. Each node maintains an in-memory cache of user sessions. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Graylog is a free and open log management platform.
0 kommentar(er)
