Bug#506268: CVE-2008-5160: allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests
Hi, * Raphael Geissert [EMAIL PROTECTED] [2008-11-20 09:32]: The following CVE (Common Vulnerabilities Exposures) id was published for msp-webserver. CVE-2008-5160[1]: [...] Did you manage to reproduce that? Not reproducible for me with the unstable version. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgp0MIXbQlzOw.pgp Description: PGP signature
Bug#506268: CVE-2008-5160: allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests
Hi, 2008/11/20 Nico Golde [EMAIL PROTECTED]: Hi, * Raphael Geissert [EMAIL PROTECTED] [2008-11-20 09:32]: The following CVE (Common Vulnerabilities Exposures) id was published for msp-webserver. CVE-2008-5160[1]: [...] Did you manage to reproduce that? Not reproducible for me with the unstable version. No, I didn't have time to setup the server and attempt to reproduce it. But I did check the changelog and the patches being applied and found nothing relevant that could fix or prevent the issue. I have just tried to reproduce it and I succeeded. I made four fruitful attempts: 1. original exploit: nothing. 2. 200 requests: server segfaulted 3. 2000 requests: too many childs are spawned and they start eating the memory almost by 100MBs per sec. 4. 3000 requests: same as with the 2000 requests. Note that I had to run the exploit a couple of times to reproduce the issue triggered at 3, and when I tried to reproduce the segfault under gdb to get a backtrace I didn't succeed to reproduce it. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net Dan Quayle - This President is going to lead us out of this recovery. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#506268: CVE-2008-5160: allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests
Hi, * Raphael Geissert [EMAIL PROTECTED] [2008-11-20 21:39]: 2008/11/20 Nico Golde [EMAIL PROTECTED]: * Raphael Geissert [EMAIL PROTECTED] [2008-11-20 09:32]: The following CVE (Common Vulnerabilities Exposures) id was published for msp-webserver. CVE-2008-5160[1]: [...] Did you manage to reproduce that? Not reproducible for me with the unstable version. [...] Note that I had to run the exploit a couple of times to reproduce the issue triggered at 3, and when I tried to reproduce the segfault under gdb to get a backtrace I didn't succeed to reproduce it. Hmm ok, same here, I tried it attaching gdb to it. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgp4xw7GCvCer.pgp Description: PGP signature
Bug#506268: CVE-2008-5160: allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests
On Thu, Nov 20, 2008 at 01:57:54PM -0600, Raphael Geissert wrote: Hi, 2008/11/20 Nico Golde [EMAIL PROTECTED]: Hi, * Raphael Geissert [EMAIL PROTECTED] [2008-11-20 09:32]: The following CVE (Common Vulnerabilities Exposures) id was published for msp-webserver. CVE-2008-5160[1]: [...] Did you manage to reproduce that? Not reproducible for me with the unstable version. No, I didn't have time to setup the server and attempt to reproduce it. But I did check the changelog and the patches being applied and found nothing relevant that could fix or prevent the issue. I have just tried to reproduce it and I succeeded. I made four fruitful attempts: 1. original exploit: nothing. 2. 200 requests: server segfaulted 3. 2000 requests: too many childs are spawned and they start eating the memory almost by 100MBs per sec. 4. 3000 requests: same as with the 2000 requests. Note that I had to run the exploit a couple of times to reproduce the issue triggered at 3, and when I tried to reproduce the segfault under gdb to get a backtrace I didn't succeed to reproduce it. So let's just drop it from Lenny. We don't need the 40th minimal web server in the archive, especially not if it crashes under load. Such errors in fringe servers are not DoS vulnerabilities, but regular bugs. We're not talking about Apache here. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#506268: CVE-2008-5160: allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests
Package: msp-webserver Severity: grave Version: 0.8.11-2 Tags: security Hi, The following CVE (Common Vulnerabilities Exposures) id was published for msp-webserver. CVE-2008-5160[1]: Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a 204 No Content error. If you fix the vulnerability please also make sure to include the CVE id in the changelog entry. [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5160 http://security-tracker.debian.net/tracker/CVE-2008-5160 Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net signature.asc Description: This is a digitally signed message part.