You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/06/27 23:41:39 UTC
DO NOT REPLY [Bug 10302] New: -
Apache 2.0.39 appears to be vulnerable to DoS, possibly worse
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10302>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10302
Apache 2.0.39 appears to be vulnerable to DoS, possibly worse
Summary: Apache 2.0.39 appears to be vulnerable to DoS, possibly
worse
Product: Apache httpd-2.0
Version: 2.0.39
Platform: PC
OS/Version: FreeBSD
Status: NEW
Severity: Major
Priority: Other
Component: All
AssignedTo: bugs@httpd.apache.org
ReportedBy: apachebugs@brettglass.com
This evening, I returned from dinner to find that my Apache 2.0.39 Web server,
running on FreeBSD, was completely unresponsive. A "ps" command revealed that
the server had spawned dozens of child processes. And the error log had filled
up with messages that looked like this:
[Wed Jun 26 15:55:01 2002] [error] server reached MaxClients setting, consider
raising the MaxClients setting
[Wed Jun 26 21:28:36 2002] [warn] child process 164 still did not exit, sending
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 165 still did not exit, sending
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 166 still did not exit, sending
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 167 still did not exit, sending
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 168 still did not exit, sending
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 497 still did not exit, sending
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 498 still did not exit, sending
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 1307 still did not exit, sending
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 2965 still did not exit, sending
a SIGTERM
...and many more similar messages. These were followed by a continuous stream of
messages which started with the following and continued in a similar vein:
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: chunk is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
While the Apache Group has claimed that Apache HTTPD 2.0.39 is immune to the
apache-scalp.c exploit, users on several mailing lists say that these symptoms
are similar to those which are seen when the exploit is used against one of the
vulnerable Apache versions. Even if no one got in, the fact that someone clearly
triggered a memory management bug, and that the Web server was tied up in knots
until I shut it down and restarted it is greatly disturbing. There may be an
effective DoS against Apache even the intruder can't break root. Please
investigate....
--Brett Glass
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org