lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20020924174354.GA18044@Update.UU.SE>
From: ulfh at Update.UU.SE (Ulf H{rnhammar)
Subject: Re: Apache 2.0.(39|40) DOS (PHP!)

On Mon, Sep 23, 2002 at 12:33:04PM -0700, shaddup@...h.com wrote:
> - -=~=-_-=~=-_-=~=-
> I put PHP in the title so I know this message will reach the "sekur1ty c0mmun1ty", that *knows* that PHP is bad, because it's easy to write insecure applications, unlike C.
> - -=~=-_-=~=-_-=~=-
> Problem:
>  o Apache 2.0 (.39 and .40 tested) on Linuxx0r (and possibly other OS's)
>  will hang on a write to stderr that is larger than the default buffer
>  size (4k on Linux)
> Impact:
>  o Local users can cause apache's httpd process to hang
>  o Possible new DoS to look for in web apps that write
>  user input to stderr!

*whiny voice* This is a bug in the web applications, and not in Apache. *moan*

// Ulf

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ