[12200] in bugtraq
Re: Sample DOS against the Sambar HTTP-Server
daemon@ATHENA.MIT.EDU (syz)
Sat Oct 9 15:44:18 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <37FF061E.99B115E2@dds.nl>
Date: Sat, 9 Oct 1999 11:08:46 +0200
Reply-To: syz@dds.nl
From: syz <syz@DDS.NL>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

I've tested it on Sambar 4.2.1 and it's indeed
GET HTTP/1.0 to crash the Sambar server.

Steve wrote:
> On Mon, Oct 04, 1999 at 12:58:40AM -0000, Dennis Conrad wrote:
> > #!/usr/bin/perl
> >
> > #########
> > # Sample DOS against the Sambar HTTP-Server
> [snip]
> > print $remote "GET " . "X" x 99999999999999999999 . " HTTP/1.0\n\n";
>
> Using that many 9s on my version of Perl fails silently. The above
> seems equivalent to: print $remote "GET HTTP/1.0\n\n";
>
> steve@grok:/home/steve% perl -e 'print "X"x99999999999999999999;'
> steve@grok:/home/steve% perl -e 'print "X"x99999999999999999999 || die;'
> Died at -e line 1.
> steve@grok:/home/steve% perl -v
>
> This is perl, version 5.005_03 built for i386-freebsd
> [etc.]
>
> I don't have a Sambar HTTP server to test against but it seems clear
> that the code won't work the way the author expected. Perl doesn't
> even try to build a string that long. If it did it would run out of
> memory and then fail.
>
> I conclude that the script as posted will not DoS the server even if
> it is vulnerable, unless a simple "GET HTTP/1.0" triggers the DoS.
>
> I suggest that until the nature of the DoS is clarified anyone using
> the script to test their own server should try it as-is, then try it
> with fewer 9s (probably 9999 or 99999, maybe more if it's a resource
> exhaustion DoS).
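
For the server side of this thread, an added example (not from the original posts and not Sambar's code) of a request-line parser that handles both inputs discussed: the request with no target, `GET HTTP/1.0`, and an overlong target. The 8192-byte cap, the status values and all names are assumptions of this example; HTTP/0.9 simple requests are rejected.

```c
/* Added example: bounded HTTP request-line parsing (hypothetical names). */
#include <stddef.h>
#include <string.h>

#define MAX_TARGET 8192   /* assumed cap on request-target length */

enum { REQ_OK = 0, REQ_BAD = 400, REQ_TOO_LONG = 414 };

struct request {
    char method[16];
    char target[MAX_TARGET + 1];
    char version[16];
};

/* Copy the next space-delimited token from *p (bounded by end) into dst.
 * Returns token length, or (size_t)-1 if it does not fit in cap bytes. */
static size_t next_token(const char **p, const char *end, char *dst, size_t cap)
{
    const char *s = *p;
    while (s < end && *s == ' ') s++;          /* skip separators */
    const char *t = s;
    while (t < end && *t != ' ' && *t != '\r' && *t != '\n') t++;
    size_t n = (size_t)(t - s);
    *p = t;
    if (n >= cap) return (size_t)-1;           /* never write past dst */
    memcpy(dst, s, n);
    dst[n] = '\0';
    return n;
}

/* Parse "METHOD SP target SP HTTP/x.y" from a buffer of known length. */
int parse_request_line(const char *line, size_t len, struct request *out)
{
    const char *p = line, *end = line + len;
    size_t n;

    n = next_token(&p, end, out->method, sizeof out->method);
    if (n == 0 || n == (size_t)-1) return REQ_BAD;

    n = next_token(&p, end, out->target, sizeof out->target);
    if (n == (size_t)-1) return REQ_TOO_LONG;  /* overlong target */
    if (n == 0) return REQ_BAD;

    n = next_token(&p, end, out->version, sizeof out->version);
    if (n == 0 || n == (size_t)-1) return REQ_BAD; /* "GET HTTP/1.0" lands here: version missing */
    if (strncmp(out->version, "HTTP/", 5) != 0) return REQ_BAD;
    return REQ_OK;
}
```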