[12187] in bugtraq

Re: Sample DOS against the Sambar HTTP-Server

daemon@ATHENA.MIT.EDU (Steve)
Fri Oct 8 20:21:01 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <19991006123440.A373@grok.localnet>
Date:         Wed, 6 Oct 1999 12:34:41 -0700
Reply-To: Steve <sreid@SEA-TO-SKY.NET>
From: Steve <sreid@SEA-TO-SKY.NET>
X-To:         Dennis Conrad <dennis@LINUXSTART.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <19991004005840.8813.qmail@ns1.filetron.com>; from Dennis Conrad
              on Mon, Oct 04, 1999 at 12:58:40AM -0000

On Mon, Oct 04, 1999 at 12:58:40AM -0000, Dennis Conrad wrote:
> #!/usr/bin/perl
>
> #########
> # Sample DOS against the Sambar HTTP-Server
[snip]
> print $remote "GET " . "X" x 99999999999999999999 . " HTTP/1.0\n\n";

Using that many 9s on my version of Perl fails silently. The above
seems equivalent to: print $remote "GET  HTTP/1.0\n\n";

steve@grok:/home/steve% perl -e 'print "X"x99999999999999999999;'
steve@grok:/home/steve% perl -e 'print "X"x99999999999999999999 || die;'
Died at -e line 1.
steve@grok:/home/steve% perl -v

This is perl, version 5.005_03 built for i386-freebsd
[etc.]

I don't have a Sambar HTTP server to test against but it seems clear
that the code won't work the way the author expected. Perl doesn't
even try to build a string that long. If it did it would run out of
memory and then fail.

I conclude that the script as posted will not DoS the server even if
it is vulnerable, unless a simple "GET  HTTP/1.0" triggers the DoS.

I suggest that until the nature of the DoS is clarified anyone using
the script to test their own server should try it as-is, then try it
with fewer 9s (probably 9999 or 99999, maybe more if it's a resource
exhaustion DoS).
