Bugtraq mailing list archives
Re: Xitami Connection Flood Server Termination Vulnerability
From: <mattmurphy () kc rr com>
Date: 3 Aug 2002 02:33:58 -0000
In-Reply-To: <20020803013725.DEF393953 () sitemail everyone net>
Although I tried it using a Perl script flooding the GET requests in a loop, instead of using browser quickie, but yeah I had the maximum number of concurrent sessions value set quite low, as it was 100 only.
A little correction on the connection setting. My config was reset during maintenance, and was actually set at *infinite* connections, but Xitami ceased to respond at about 11 connections on my box. The denial of service condition appears to be an overloaded piece of code in a library/core module. It appears to be maxed out when Xitami stops checking for new session requests. However, what puzzles me is *why* the service is halting checks when it has no connection limit set.