DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10146>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10146 2.0.39 DoS Summary: 2.0.39 DoS Product: Apache httpd-2.0 Version: 2.0.39 Platform: PC OS/Version: FreeBSD Status: NEW Severity: Blocker Priority: Other Component: Core AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Hello. Some time ago in different maillist was post: ------------------------------------------------------ Date: Wed, 19 Jun 2002 12:45:24 -0700 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [email protected], [EMAIL PROTECTED] Subject: Remote Apache 1.3.x Exploit ---------------------------------------------------------------- Mail has attachment, which "exploit for openbsd" code. But "exploit" has one side effect - for apache 2.0.39 it make DoS. Child eat all memory, swap and die with diagnostic ". Jun 20 11:16:39 solo /kernel: pid 49564 (httpd), uid 65534, was killed: out of swap space " In gdb we can see, that child loop in modules/http/http_protocol.c in function: ap_discard_request_body(): 1962 } while (!seen_eos); (gdb) n 1920 rv = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES, (gdb) n 1923 if (rv != APR_SUCCESS) { (gdb) n 1939 APR_BRIGADE_FOREACH(bucket, bb) { (gdb) n 1961 apr_brigade_cleanup(bb); (gdb) And 2.0.40-dev from cvs DoS-ed too. p.s. OS: FreeBSD 4.5 and 4.6 releases b.r. Kozin Maxim --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
