Message-ID: <CALx_OUB5CawM+Unb5ScrMJtKRXO==thxjXQ4WKD5kzn9xN61Rg@mail.gmail.com>
Date: Wed, 24 Aug 2011 21:54:00 -0700
From: Michal Zalewski <lcamtuf@...edump.cx>
To: "HI-TECH ." <isowarez.isowarez.isowarez@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Apache Killer

> just for the record I have the impression that this is not the same vulnerability
> you outlined in your advisory a while back. It is more that the idea
> for this vulnerability originated from your advisory, not the same bug.

I don't think this even matters, and I really don't disagree...

In 2007, I noticed that their Range handling is silly, and may prompt
them to generate very large responses.

I casually proposed a window scaling-based attack back then, and
nothing happened.

My understanding is that your exploit is based on the same principle
(I don't think they fixed this in any way), but combines it with
protocol-level compression to force the server to waste some memory
and CPU resources to compress the response beforehand.

But in any case, life goes on, it's just a DoS. Good that they're fixing it...

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
