Bugtraq mailing list archives

Re: YA Apache DoS attack


From: andik () ns upet ro (Kovacs Andrei)
Date: Sun, 16 Aug 1998 02:18:38 -0200


On Fri, 7 Aug 1998, Dag-Erling Coidan Smørgrav wrote:

There seems to be a simple way of badly DoSing any Apache server. It
involved a massive memory leak in the way it handles incoming request
headers. I based my exploit on the assumption that they use setenv()
(which they don't) and that the bug occurs when you send a header that
will end up as an environment variable if you request a CGI script
(such as User-Agent), but I have since verified that there is no
connection there. Anyway, you can blow Apache through the roof by
sending it tons of headers - the server's memory consumption seems to
be a steep polynomial of the amount of data you send it. Below is a
snapshot of top(1) about one minute after I sent my server a request
with 10,000 copies of "User-Agent: sioux\r\n" (totalling 190,016 bytes
of data)

        Today when I was looking at the Apache 1.3.1 help files I've found a
parameter that might stop this: "RLimitMem". I guess this should make Apache
use only the amount of memory that you want it to.

        Andy
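
The request described in the quoted message repeats one header line thousands of times, so the direct defence is to cap the number and size of header fields while parsing. The following is an added example, not code from this thread or from Apache; the function names and both limits are hypothetical, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limits chosen for this example; not values from the thread. */
#define MAX_FIELDS     100
#define MAX_FIELD_SIZE 8190

enum hdr_status { HDR_OK, HDR_INCOMPLETE, HDR_TOO_MANY, HDR_TOO_LONG };

/* Scan the header block that follows the request line. Nothing is allocated
 * per header, and scanning stops at the first limit violation, so a flood of
 * header lines is rejected after MAX_FIELDS + 1 lines instead of being stored. */
enum hdr_status check_headers(const char *buf, size_t len, size_t *nfields)
{
    size_t pos = 0;
    *nfields = 0;
    while (pos < len) {
        const char *eol = memchr(buf + pos, '\n', len - pos);
        size_t line_len;
        if (eol == NULL)    /* unterminated tail: too long, or wait for more data */
            return (len - pos > MAX_FIELD_SIZE) ? HDR_TOO_LONG : HDR_INCOMPLETE;
        line_len = (size_t)(eol - (buf + pos));
        if (line_len > 0 && eol[-1] == '\r')
            line_len--;                 /* do not count the CR of CRLF */
        if (line_len == 0)
            return HDR_OK;              /* blank line ends the header block */
        if (line_len > MAX_FIELD_SIZE)
            return HDR_TOO_LONG;
        if (++*nfields > MAX_FIELDS)
            return HDR_TOO_MANY;
        pos = (size_t)(eol - buf) + 1;
    }
    return HDR_INCOMPLETE;              /* no terminating blank line seen yet */
}

/* Constructed sample input: n copies of one header line, then a blank line. */
char *make_headers(size_t n, size_t *out_len)
{
    static const char line[] = "User-Agent: sioux\r\n";
    size_t l = sizeof line - 1, i;
    char *buf = malloc(n * l + 2);
    if (buf == NULL) return NULL;
    for (i = 0; i < n; i++)
        memcpy(buf + i * l, line, l);
    memcpy(buf + n * l, "\r\n", 2);
    *out_len = n * l + 2;
    return buf;
}
```

Apache's documentation describes RLimitMEM as applying to processes forked off from the Apache children (such as CGI scripts), not to the children themselves. The LimitRequestFields and LimitRequestFieldSize directives in later Apache releases apply the kind of cap shown here.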


