The dark predictions of those who opposed extending the kernel with the ability to serve web pages have come true. A report has appeared on Bugtraq that the WWW server built into 2.4 kernels can be DoSed. Sending a suitably crafted message to the victim machine can even cause a Kernel Panic. More information on this, along with a link to the patches that fix the problem, can be found below. Of course, the bug does not affect those who have not compiled Tux into their kernel…

From a.orawe@ntlworld.com Tue Nov  6 09:37:41 2001
Date: Mon, 5 Nov 2001 12:57:15 -0000
From: Aiden ORawe
To: bugtraq@securityfocus.com
Subject: RH Linux Tux HTTPD DoS

TUX HTTPD Denial of Service Condition
=============================

Background:
-------------

Tux is a Kernel-Space HTTP server coded for optimal performance (IRQ Affinity, HTTP compression, direct scatter-gather DMA etc.) It is meant to be used as the main HTTP server for static objects with requests for dynamic content being passed to a user-space HTTPD server such as Apache on same box when necessary. Tux is disabled by default.

Vulnerability:
--------------

It is possible to cause a denial of service condition by submitting an oversized "Host:" header request to the Tux daemon causing an assertion failure and eventual Kernel Panic. A total system reboot is required to return full functionality. For example the following script will cause the target box to crash:

    perl -e "print qq(GET / HTTP/1.0\nAccept: */*\nHost: ) . qq(A) x 6000 . qq(\n)" |nc

The following output will then be generated (edited for brevity):

    Code: Bad EIP Value.
    (0)Kernel Panic: Aiee, killing interrupt handler!
    In interrupt handler - not syncing!

To the best of my knowledge this is *not* a buffer overflow (despite apparently being able to overwrite the contents of the EIP register) and as such cannot be utilised to run arbitrary code. FYI The Tux source code contains numerous assertions that are used to safeguard data integrity and if any of these assertions fail (as it does in this case) code execution is halted by making a call to the BUG() function.

System(s) tested:
-----------------

RedHat Linux 7.2, Kernel 2.4.7-10 and 2.4.9-7 running TUX-2.1.0-2.

Additional Notes:
-----------------

security@redhat.com were advised of this issue 25 October 2001.

Solution:
---------

See Security Advisory - RHSA-2001:142-15

http://www.redhat.com/support/errata/RHSA-2001-142.html

Thanks:
-------

Michael K. Johnston

============================================================================
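The failure mode in the advisory, handled defensively: an added example (not code from the original post or from Tux) of a header parser that treats an oversized Host value as an ordinary error return instead of an assertion that halts execution. The names `extract_host`, `check_sample` and `MAX_HOST_LEN`, and the 259-byte cap, are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed cap: 253-byte DNS name plus ":65535". Not a value taken from Tux. */
#define MAX_HOST_LEN 259
enum host_status { HOST_OK, HOST_MISSING, HOST_TOO_LONG, HOST_MALFORMED };

static int is_host_field(const char *p, size_t n) {
    static const char name[] = "host:";
    for (size_t i = 0; i < 5; i++)
        if (i >= n || tolower((unsigned char)p[i]) != name[i]) return 0;
    return 1;
}

/* Find the Host header in a raw request and copy its value into out only if
 * it fits; an oversized value is a normal error return, never an assertion. */
enum host_status extract_host(const char *req, size_t len, char *out, size_t outsz) {
    const char *end = req + len;
    const char *p = memchr(req, '\n', len);          /* skip the request line */
    if (!p) return HOST_MALFORMED;
    for (p++; p < end; ) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        size_t n = (size_t)((nl ? nl : end) - p);
        if (n && p[n - 1] == '\r') n--;
        if (n == 0) break;                           /* blank line ends the headers */
        if (is_host_field(p, n)) {
            const char *v = p + 5;
            for (n -= 5; n && (*v == ' ' || *v == '\t'); v++, n--) ;
            if (n == 0) return HOST_MALFORMED;
            if (n > MAX_HOST_LEN || n >= outsz) return HOST_TOO_LONG;
            memcpy(out, v, n); out[n] = '\0';
            return HOST_OK;
        }
        if (!nl) break;
        p = nl + 1;
    }
    return HOST_MISSING;
}

/* Constructed sample: a request in the advisory's shape with a Host value of host_len bytes. */
enum host_status check_sample(size_t host_len) {
    static char req[8192];
    char out[MAX_HOST_LEN + 1];
    int off = snprintf(req, sizeof req, "GET / HTTP/1.0\nAccept: */*\nHost: ");
    if (host_len > sizeof req - (size_t)off - 1) return HOST_MALFORMED;
    memset(req + off, 'A', host_len);
    req[off + host_len] = '\n';
    return extract_host(req, (size_t)off + host_len + 1, out, sizeof out);
}
int main(void) { printf("%d %d\n", (int)check_sample(11), (int)check_sample(6000)); return 0; }
```

A caller would map `HOST_TOO_LONG` and `HOST_MALFORMED` to an HTTP 400 response and close the connection, so a hostile header costs one rejected request rather than a reboot.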

Archived news item added by user: honey.
