httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 10302] New: - Apache 2.0.39 appears to be vulnerable to DoS, possibly worse
Date Thu, 27 Jun 2002 21:41:39 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10302>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10302

Apache 2.0.39 appears to be vulnerable to DoS, possibly worse

           Summary: Apache 2.0.39 appears to be vulnerable to DoS, possibly
                    worse
           Product: Apache httpd-2.0
           Version: 2.0.39
          Platform: PC
        OS/Version: FreeBSD
            Status: NEW
          Severity: Major
          Priority: Other
         Component: All
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: apachebugs@brettglass.com


This evening, I returned from dinner to find that my Apache 2.0.39 Web server, 
running on FreeBSD, was completely unresponsive. A "ps" command revealed that 
the server had spawned dozens of child processes. And the error log had filled 
up with messages that looked like this:

[Wed Jun 26 15:55:01 2002] [error] server reached MaxClients setting, consider 
raising the MaxClients setting
[Wed Jun 26 21:28:36 2002] [warn] child process 164 still did not exit, sending 
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 165 still did not exit, sending 
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 166 still did not exit, sending 
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 167 still did not exit, sending 
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 168 still did not exit, sending 
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 497 still did not exit, sending 
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 498 still did not exit, sending 
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 1307 still did not exit, sending 
a SIGTERM
[Wed Jun 26 21:28:36 2002] [warn] child process 2965 still did not exit, sending 
a SIGTERM

...and many more similar messages. These were followed by a continuous stream of 
messages which started with the following and continued in a similar vein:

httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: chunk is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free
httpd in free(): warning: page is already free

While the Apache Group has claimed that Apache HTTPD 2.0.39 is immune to the 
apache-scalp.c exploit, users on several mailing lists say that these symptoms 
are similar to those which are seen when the exploit is used against one of the 
vulnerable Apache versions. Even if no one got in, the fact that someone clearly 
triggered a memory management bug, and that the Web server was tied up in knots 
until I shut it down and restarted it is greatly disturbing. There may be an 
effective DoS against Apache even the intruder can't break root. Please 
investigate....

--Brett Glass

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message