Bug 10146 - 2.0.39 DoS
Summary: 2.0.39 DoS
Status: CLOSED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core
Version: 2.0.39
Hardware: PC FreeBSD
Importance: P3 blocker
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2002-06-22 10:50 UTC by Kozin Maxim
Modified: 2004-11-16 19:05 UTC



Attachments
code for DoS 2.0.39 on FreeBSD 4.[56] (6.23 KB, text/plain)
2002-06-22 10:51 UTC, Kozin Maxim

Description Kozin Maxim 2002-06-22 10:50:15 UTC
Hello.

Some time ago the following was posted to a different mailing list:
------------------------------------------------------
Date: Wed, 19 Jun 2002 12:45:24 -0700
From: gobbles@hushmail.com
To: vulndev@vulndev.org, submissions@packetstormsecurity.org,
     bugs@securitytracker.net, bugtraq@securityfocus.com,
     vuln-dev@securityfocus.com
Subject: Remote Apache 1.3.x Exploit
----------------------------------------------------------------
The mail has an attachment, which is "exploit for openbsd" code.
But the "exploit" has one side effect: for Apache 2.0.39
it causes a DoS. The child eats all memory and swap, and dies with the diagnostic
"
Jun 20 11:16:39 solo /kernel: pid 49564 (httpd), uid 65534, was killed: out of swap space
"
In gdb we can see that the child loops in
modules/http/http_protocol.c, in the function
ap_discard_request_body():
1962        } while (!seen_eos);
(gdb) n
1920            rv = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES,
(gdb) n
1923            if (rv != APR_SUCCESS) {
(gdb) n
1939            APR_BRIGADE_FOREACH(bucket, bb) {
(gdb) n
1961            apr_brigade_cleanup(bb);
(gdb) 

And 2.0.40-dev from CVS is DoS-ed too.

p.s.
 OS: FreeBSD 4.5 and 4.6 releases

b.r.
 Kozin Maxim
Comment 1 Kozin Maxim 2002-06-22 10:51:45 UTC
Created attachment 2156
code for DoS 2.0.39 on FreeBSD 4.[56]
Comment 2 Justin Erenkrantz 2002-07-08 07:03:55 UTC
Fixed in CVS.  Will be included in next release (2.0.40).  Thanks for using Apache httpd!