Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/06/22 12:50:16 UTC
DO NOT REPLY [Bug 10146] New: -
2.0.39 DoS
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10146
Summary: 2.0.39 DoS
Product: Apache httpd-2.0
Version: 2.0.39
Platform: PC
OS/Version: FreeBSD
Status: NEW
Severity: Blocker
Priority: Other
Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: madmax@express.ru
Hello.
Some time ago, in a different mailing list, this was posted:
------------------------------------------------------
Date: Wed, 19 Jun 2002 12:45:24 -0700
From: gobbles@hushmail.com
To: vulndev@vulndev.org, submissions@packetstormsecurity.org,
bugs@securitytracker.net, bugtraq@securityfocus.com,
vuln-dev@securityfocus.com
Subject: Remote Apache 1.3.x Exploit
----------------------------------------------------------------
The mail has an attachment, which is "exploit for openbsd" code.
But the "exploit" has one side effect: for Apache 2.0.39
it causes a DoS. The child eats all memory and swap, and dies with the diagnostic
"Jun 20 11:16:39 solo /kernel: pid 49564 (httpd), uid 65534, was killed: out of swap space"
In gdb we can see that the child loops in
modules/http/http_protocol.c, in the function
ap_discard_request_body():
1962 } while (!seen_eos);
(gdb) n
1920 rv = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES,
(gdb) n
1923 if (rv != APR_SUCCESS) {
(gdb) n
1939 APR_BRIGADE_FOREACH(bucket, bb) {
(gdb) n
1961 apr_brigade_cleanup(bb);
(gdb)
And 2.0.40-dev from CVS is DoS-ed too.
p.s.
OS: FreeBSD 4.5 and 4.6 releases
b.r.
Kozin Maxim
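
Added example, not part of the original report or of Apache httpd: a log check that flags hosts where httpd children are repeatedly killed for running out of swap, the symptom quoted above. The threshold, the time window and the year default are assumptions, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# FreeBSD kernel message, in the shape quoted in the report.
OOM_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) /kernel: "
    r"pid (?P<pid>\d+) \((?P<cmd>[^)]+)\), uid (?P<uid>\d+), "
    r"was killed: out of swap space$")

# First line is from the report; the others are constructed sample input.
SAMPLE = [
    "Jun 20 11:16:39 solo /kernel: pid 49564 (httpd), uid 65534, was killed: out of swap space",
    "Jun 20 11:17:02 solo /kernel: pid 49571 (httpd), uid 65534, was killed: out of swap space",
    "Jun 20 11:18:40 solo /kernel: pid 49580 (httpd), uid 65534, was killed: out of swap space",
    "Jun 20 11:19:00 solo sshd[301]: Accepted password for admin",
    "Jun 20 14:00:00 solo /kernel: pid 50012 (perl), uid 1001, was killed: out of swap space",
]

def parse_oom_kills(lines, year=2002):
    """Yield (timestamp, host, pid, cmd, uid) per kernel out-of-swap kill line."""
    for line in lines:
        m = OOM_RE.match(line.strip())
        if m:
            # syslog omits the year, so the caller supplies it (assumption).
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], int(m["pid"]), m["cmd"], int(m["uid"])

def repeated_kills(lines, cmd="httpd", threshold=3, window=timedelta(minutes=10)):
    """Map host -> timestamps where `cmd` was killed >= threshold times in `window`."""
    by_host = defaultdict(list)
    for ts, host, _pid, name, _uid in parse_oom_kills(lines):
        if name == cmd:
            by_host[host].append(ts)
    alerts = {}
    for host, stamps in by_host.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:  # slide window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts[host] = stamps[start:end + 1]
                break
    return alerts

if __name__ == "__main__":
    for host, stamps in repeated_kills(SAMPLE).items():
        print(f"{host}: {len(stamps)} httpd children killed since {stamps[0]}")
```

A single kill can be ordinary memory pressure; several httpd kills on one host inside a short window is the pattern worth alerting on.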