lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <63340-22003521316380340@M2W067.mail2web.com>
Date: Tue, 13 May 2003 12:38:00 -0400
From: "mattmurphy@...rr.com" <mattmurphy@...rr.com>
To: bugtraq@...urityfocus.com, news@...uriteam.com, bugs@...uritytracker.com,
   vulnwatch@...nwatch.org, full-disclosure@...ts.netsys.com
Subject: eServ Memory Leak Solution


After discussion with Andrey Cherezov, the cause and solution of the eServ
memory "leak" has been identified.  Delayed de-allocation associated with
thread creation and destruction caused the issue.  eServ 2.9x was
vulnerable to my attacks because during the delay (up to a few minutes), it
continued spawning threads, resulting in a denial of service.  eServ 3.0
uses a new acTCP kernel to improve service.  Specifically, it does not
create new threads beyond its maximum connection queue.  The delay
condition still exists, but cannot be exploited to cause major memory loss.
I recommend that eServ 2.9x users contact the vendor about upgrading as
appropriate.  

eServ has had one other vulnerability, a buffer overrun in its virtual host
support.  Stating that eServ has a "horrible security record" was perhaps a
horrible overstatement on my part. :-)

There have been other vulnerabilities in products un-related to eServ,
which were developed on the same kernel.  Specifically, acFTP's
authentication logging bug, and the acFreeProxy XSS, which I have been
informed was the result of a configuration error.

I was also informed during discussions with the developer that the reason
my e-mail was not replied to immediately was because of Russia's day of
victory celebrations, and not due to negligence.

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ