Bugtraq mailing list archives
def-2001-02: IBM Websphere 3.52 Kernel Leak DoS
From: Peter Gründl <peter.grundl () DEFCOM COM>
Date: Mon, 8 Jan 2001 12:50:01 +0100
====================================================================== Defcom Labs Advisory def-2001-02 IBM Websphere 3.52 Kernel Leak DoS Author: Peter Gründl <peter.grundl () defcom com> Release Date: 2001-01-08 ====================================================================== ------------------------=[Brief Description]=------------------------- The Apfa cache in the IBM HTTP Server, which Websphere is built on, has problems handling certain types of URL requests. The result of such a URL is a kernel leak, which will eventually end up consuming all available kernel memory and rendering the host useless. ------------------------=[Affected Systems]=-------------------------- - IBM WebSphere 3.52 (IBM HTTP Server 1.3.12) for Windows NT ----------------------=[Detailed Description]=------------------------ Sending a continous stream of HTTP requests resulting in "bad request" will cause a kernel leak in Windows NT. There are many ways to trigger the bad request result that triggers the leak, eg. GET / HTTP/1.0\r\nuser-agent: 20000xnull\r\n\r\n ---------------------------=[Workaround]=----------------------------- Comment out the three lines beginning with "Apfa" in the httpd.conf file (located in the conf directory in the web server folder). -------------------------=[Vendor Response]=-------------------------- This issue was brought to the vendor's attention on the 8th of December, 2000. A workaround was received from the vendor on the 5th of January, 2001. "This issue is caused by a problem in the AfpaCache module of the IBM HTTP Server. The only workaround at this time is to disable the AfpaCache. IBM Development is working on fixing this issue, but it is not yet known when a fix will be available." ====================================================================== This release was brought to you by Defcom Labs labs () defcom com www.defcom.com ======================================================================
Current thread:
- def-2001-02: IBM Websphere 3.52 Kernel Leak DoS Peter Gründl (Jan 08)
- <Possible follow-ups>
- Re: def-2001-02: IBM Websphere 3.52 Kernel Leak DoS Rodrick Brown (Jan 08)