[10857] in bugtraq
Re: Novell NetWare webservers DoS
daemon@ATHENA.MIT.EDU (Przemyslaw Frasunek)
Fri Jun 18 13:20:03 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-Id: <929642804.260.nwmail@venglin.gadaczka.dhs.org>
Date: Thu, 17 Jun 1999 20:06:35 +0200
Reply-To: venglin@lagoon.freebsd.org.pl
From: Przemyslaw Frasunek <venglin@GADACZKA.DHS.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <BDB70A7573@golem.umcs.lublin.pl>
> I have tested your exploit on Yawn HTTPD in various environment
> (NetWare 3.11, 3.12, 4.10, 4.11) and I'm quite sure the program
> should not crash the NetWare with my web server on the top.
> Can anybody correct me or provide additional information?
As you said, the problem is probably related to the amount of MaxThreads
parameter in httpd.cfg, which is default set to 16 (this is a safe value).
Setting it to more than 16 can be dangerous, because of exhausting the server
memory, when many parallel connections are opened.
--
* Fido: 2:480/124 ** WWW: lagoon.freebsd.org.pl/~venglin ** GSM:48-601-383657 *
* Inet: venglin@lagoon.freebsd.org.pl ** PGP:D48684904685DF43EA93AFA13BE170BF *