#890 closed defect (fixed)

Webserver POST DoS vulnerability

Reported by: Thomas Rauscher Owned by: Eric Norum
Priority: highest Milestone: 2
Component: network/legacy Version: unknown
Severity: critical Keywords:
Cc: bugs@…, joel.sherrill@… Blocked By:
Blocking:

Description

The webservers enters an infinite loop when a POST request
with less data than indicated in the Content-Length header is received. It also consumes additional heap memory and a
file descriptor for each invalid POST.

More information on this topic can be found on
http://aluigi.altervista.org/adv/goahead-adv1.txt

Release:
rtems_4_6, HEAD

How-To-Repeat:
Invoke post-vulnerability.sh attached to this PR (requires netcat).

./post-vulnerability <hostname or ip-address>

and check CPU load, memory and liveness of web server.

Attachments (2)

postbug.zip (818 bytes) - added by Thomas Rauscher on Dec 3, 2006 at 1:31:12 PM.
postbug.zip
pr890-cvshead.diff (672 bytes) - added by Thomas Rauscher on Dec 3, 2006 at 1:31:12 PM.
pr890-cvshead.diff

Download all attachments as: .zip

Change History (2)

comment:1 Changed on Feb 8, 2006 at 3:17:29 PM by Joel Sherrill

Status: assignedclosed

State-Changed-From-To: open->closed
State-Changed-Why: Patch applied to 4.6 branch and CVS head.

Changed on Dec 3, 2006 at 1:31:12 PM by Thomas Rauscher

Attachment: pr890-cvshead.diff added

pr890-cvshead.diff

Note: See TracTickets for help on using tickets.