[22831] in bugtraq
Re: [CLA-2001:429] Conectiva Linux Security Announcement - htdig
daemon@ATHENA.MIT.EDU (Geoff Hutchison)
Thu Oct 11 11:20:25 2001
Message-Id: <a05100301b7eaba5e100c@[129.105.9.200]>
In-Reply-To: <200110102119.TAA22384@frajuto.distro.conectiva>
Date: Wed, 10 Oct 2001 22:00:21 -0500
To: secure@conectiva.com.br
From: Geoff Hutchison <ghutchis@wso.williams.edu>
Cc: bugtraq@securityfocus.com, lwn@lwn.net
At 7:19 PM -0200 10/10/01, secure@conectiva.com.br wrote:
>A malicious user could point to a file like /dev/zero and let
> the server run in an endless loop, trying to read config
> parameters from there.

Whoa there. I haven't looked at the RPMs you're distributing, but the
htsearch CGI will time out after a given interval (by default 5
minutes) via the alarm() call. Yes, the /dev/zero URL could be used
for a Denial of Service attack in this fashion. Yes, it's a bug and a
reason to upgrade.

No, this is not an "endless" loop, unless you've removed that alarm() call.

To quote from my previous message:

At 3:46 PM -0500 10/7/01, Geoff Hutchison wrote:
>remote user can force the CGI to stall until it times out

Cheers,
--
-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/
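
The distinction drawn in the message above, as an added C example that is not part of the original post and is not ht://Dig code: an alarm() bounds how long a config read from /dev/zero can stall, while a regular-file check on the opened descriptor refuses it immediately. The helper name `read_config`, its return codes and the regular-file check are assumptions made for illustration; the page does not describe how the actual fix works.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static volatile sig_atomic_t timed_out;
static void on_alarm(int sig) { (void)sig; timed_out = 1; }

/* Hypothetical helper (not ht://Dig code): count the lines of a config file.
 * Returns the line count, -1 on I/O error, -2 if the alarm fired first,
 * -3 if strict is set and the path is not a regular file. */
long read_config(const char *path, unsigned secs, int strict)
{
    char buf[4096];
    long lines = 0;
    ssize_t n = 0;
    struct stat st;
    struct sigaction sa;
    int fd = open(path, O_RDONLY | O_NONBLOCK);  /* never block on a FIFO */
    if (fd < 0) return -1;
    /* Check the opened descriptor, not the path, to avoid a check/use race. */
    if (strict && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        return -3;
    }
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigaction(SIGALRM, &sa, NULL);
    timed_out = 0;
    alarm(secs);                /* upper bound on time spent reading */
    while (!timed_out && (n = read(fd, buf, sizeof buf)) > 0)
        for (ssize_t i = 0; i < n; i++)
            if (buf[i] == '\n') lines++;
    alarm(0);
    close(fd);
    if (timed_out) return -2;
    return n < 0 ? -1 : lines;
}

int main(void)
{
    printf("alarm only: %ld\n", read_config("/dev/zero", 2, 0));
    printf("alarm + regular-file check: %ld\n", read_config("/dev/zero", 2, 1));
    return 0;
}
```

With only the alarm, the process still burns CPU for the whole interval on each request, which is the stall the message describes; the strict path returns without reading a byte.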