Date: Tue, 9 Jul 2002 01:12:11 -0600 (MDT) From: Brett Glass <brett@lariat.org> To: stable@freebsd.org Subject: Apache 2 subject to DoS from worms; downgrade to 1.3.26 recommended Message-ID: <200207090712.BAA04080@lariat.org>
After the recent Apache security notices, I upgraded a few FreeBSD Web servers to Apache 2.0.39, thinking that this would avoid exploitation of those servers. Alas, this turned out to be a mistake.

For some reason, a FreeBSD server running Apache 2, when hit by the apache-scalp.c exploit or the worm that was built from it, seems to spawn the maximum number of httpd child processes and then stop handling incoming requests. While the exploit doesn't root the machine, the child processes (which are about 50% bigger than the ones spawned by Apache 1.3.x!) seem to get "wedged"; they never become available to handle more requests. So, more and more children are spawned until the "MaxClients" limit is reached or swap is exhausted. In either case, the server stops handling requests.

Apache 1.3.26 doesn't seem susceptible to this problem... especially if one installs mod_blowchunks, which kills the session as soon as an attempt to exploit the server via chunked encoding is detected.

I'd like to move to Apache 2.x as soon as possible. But since one of the main benefits of 2.x is its ability to use threading (not advisable under FreeBSD), and since the child processes are fatter and subject to denials of service, I'm sticking with 1.3.x for the moment.

Have others experienced the same problems?

(Note: I'm not subscribed to -STABLE right now, so please copy me as well as the list on responses.)

--Brett Glass
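The post mentions mod_blowchunks, which drops a connection as soon as a chunked-encoding request looks like an exploit attempt. The following is an added example of that idea, written for this page; it is not code from the post, from mod_blowchunks, or from Apache. It parses a chunked request body and refuses it before any chunk data is copied if a chunk-size line is malformed, exceeds a configurable ceiling (MAX_CHUNK, an assumed value), or is large enough to wrap a signed 32-bit length, which is the condition the 2002 Apache chunked-encoding bug (CVE-2002-0392) depended on. The two sample requests are constructed for the example, not captured traffic.

```python
"""
Chunked-transfer-encoding guard in the spirit of mod_blowchunks.
Added example for this page; not code from the post, mod_blowchunks or Apache.
"""
import re

# Assumption (not from the post): no legitimate client sends a single chunk
# larger than this.  Anything bigger is treated as an attack and rejected.
MAX_CHUNK = 1 << 20  # 1 MiB

# Apache 1.3.x/2.0.x before the fix stored the chunk size in a signed 32-bit
# int, so sizes >= 0x80000000 went negative.  Flag those explicitly.
SIGNED32_LIMIT = 0x7FFFFFFF

# chunk-size in hex, optionally followed by a ";ext=value" chunk extension
_CHUNK_SIZE_RE = re.compile(rb'^([0-9A-Fa-f]{1,16})(;[^\r\n]*)?$')


class ChunkError(ValueError):
    """Raised on any chunk framing that a server should refuse."""


def parse_chunked_body(body: bytes, max_chunk: int = MAX_CHUNK) -> bytes:
    """Decode a chunked body; raise ChunkError before copying suspicious data."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b'\r\n', pos)
        if eol < 0:
            raise ChunkError('truncated chunk-size line')
        line = body[pos:eol]
        m = _CHUNK_SIZE_RE.match(line)
        if not m:
            raise ChunkError(f'malformed chunk-size line: {line!r}')
        size = int(m.group(1), 16)
        # Check the size BEFORE touching the data, which is the whole point.
        if size > SIGNED32_LIMIT:
            raise ChunkError(f'chunk size {size:#x} would wrap a signed 32-bit length')
        if size > max_chunk:
            raise ChunkError(f'chunk size {size:#x} exceeds limit {max_chunk:#x}')
        pos = eol + 2
        if size == 0:
            # last-chunk; any trailers and the final CRLF are irrelevant here
            return bytes(out)
        if len(body) < pos + size + 2:
            raise ChunkError('chunk data truncated')
        out += body[pos:pos + size]
        if body[pos + size:pos + size + 2] != b'\r\n':
            raise ChunkError('missing CRLF after chunk data')
        pos += size + 2


def classify_request(raw: bytes) -> str:
    """Return 'ok', 'not-chunked', or 'blocked: <reason>' for a raw HTTP request."""
    head, sep, body = raw.partition(b'\r\n\r\n')
    if not sep:
        return 'blocked: no end of headers'
    headers = head.split(b'\r\n')[1:]
    chunked = any(
        h.lower().startswith(b'transfer-encoding:') and b'chunked' in h.lower()
        for h in headers
    )
    if not chunked:
        return 'not-chunked'
    try:
        parse_chunked_body(body)
    except ChunkError as e:
        return f'blocked: {e}'
    return 'ok'


# Constructed sample requests (not captured traffic).
GOOD_REQUEST = (
    b'POST /cgi-bin/x HTTP/1.1\r\nHost: example\r\nTransfer-Encoding: chunked\r\n\r\n'
    b'5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n'
)
# A chunk size that a signed 32-bit parser would read as negative.
BAD_REQUEST = (
    b'POST /cgi-bin/x HTTP/1.1\r\nHost: example\r\nTransfer-Encoding: chunked\r\n\r\n'
    b'FFFFFFF0\r\nAAAA\r\n0\r\n\r\n'
)

if __name__ == '__main__':
    for name, req in (('good', GOOD_REQUEST), ('bad', BAD_REQUEST)):
        print(name, classify_request(req))
```

The important design point is the ordering: the size line is validated before any data is read or copied, so a hostile chunk size is refused while it is still just a number. A real in-server filter would also close the connection on the first ChunkError rather than return a string, which is what the post describes mod_blowchunks doing.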