Date:      Wed, 12 Aug 1998 11:18:19 +1200 (NZST)
From:      Andrew McNaughton <andrew@squiz.co.nz>
To:        Brett Glass <brett@lariat.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: DOS exploit in Apache
Message-ID:  <Pine.BSF.3.96.980812111249.16956B-100000@aniwa.sky>
In-Reply-To: <199808111816.MAA18952@lariat.lariat.org>

On Tue, 11 Aug 1998, Brett Glass wrote:

> All recent versions of Apache can be made to demand virtually unlimited
> amounts of memory if they are fed large numbers of HTML request headers. I
> haven't seen a fix for FreeBSD yet; have the published package and port
> been patched yet?

Contrary to the original bug report, the bug relates to multiple
instances of the same header key, not to lots of different headers.

Or rather lots of header requests would cause memory consumption to
increase linearly, whereas lots of the same header would cause memory
consumption to increase as ( 1/2 * n^2 ).

An unofficial source patch came out on Bugtraq.  Can someone point me to
the official one?

Andrew
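
The two growth rates described in this message, as an added C sketch that is not part of the original e-mail and is not Apache's code. It assumes (the page does not say this) that a repeated header is merged by copying "old, new" into request-lifetime memory that is not freed until the request ends; all function names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed model: a per-request pool that only grows; we count bytes. */

/* n headers with distinct keys: each value is stored exactly once. */
size_t cost_distinct(size_t n, size_t value_len) {
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += value_len + 1;               /* value + NUL */
    return total;
}

/* n headers sharing one key: every arrival allocates a fresh
 * "old, new" string while all earlier copies stay in the pool. */
size_t cost_merged(size_t n, size_t value_len) {
    size_t total = 0, cur = 0;
    for (size_t i = 0; i < n; i++) {
        cur = (i == 0) ? value_len : cur + 2 + value_len;  /* ", " joiner */
        total += cur + 1;                     /* new copy + NUL */
    }
    return total;                             /* ~ (value_len + 2) * n^2 / 2 */
}

/* Defensive sizing: largest count of same-key headers whose merged
 * cost still fits in a per-request byte budget. */
size_t max_fields_for_budget(size_t budget, size_t value_len) {
    size_t total = 0, cur = 0, n = 0;
    for (;;) {
        size_t next = (n == 0) ? value_len : cur + 2 + value_len;
        if (total + next + 1 > budget)
            return n;
        cur = next;
        total += next + 1;
        n++;
    }
}

int main(void) {
    /* Constructed sample sizes: 8-byte values, doubling header counts. */
    for (size_t n = 100; n <= 1600; n *= 2)
        printf("n=%5zu distinct=%7zu merged=%10zu\n",
               n, cost_distinct(n, 8), cost_merged(n, 8));
    printf("same-key headers that fit in 1 MiB: %zu\n",
           max_fields_for_budget((size_t)1 << 20, 8));
    return 0;
}
```

Doubling the header count doubles the distinct-key cost but roughly quadruples the same-key cost, which is the ( 1/2 * n^2 ) behaviour noted above.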

