| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Aug 2011 16:00:36 +1000 From: "-= Glowing Sex =-" <doomxd@...il.com> To: Michal Zalewski <lcamtuf@...edump.cx> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Apache Killer This has yes, 2 sides to it, range accept and then another issue with doc_size, but i believe this one patch addresses both, atleast, the advisory that kcope just showed me put me onto the correct patch... tested, same httpd after patches applied thru freebsd-update,it appied the patches for range... anyhow here it is again for anyone who wants to look at it...attached unified diff patch for the whole issue of 0- and doc_size , but i still think the framework is abit shaky :s anyhow, patch up if ya need to... otherwise, be eaten by shkidz xd On 24 August 2011 13:57, Michal Zalewski <lcamtuf@...edump.cx> wrote: > > http://www.gossamer-threads.com/lists/apache/dev/401638 > > FWIW, I pointed out the DoS-iness of their Range handling a while ago: > http://seclists.org/bugtraq/2007/Jan/83 > > /mz > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > Content of type "text/html" skipped Download attachment "merge_ranges.diff" of type "application/octet-stream" (9590 bytes) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists