Zalewski <lcamtufat_private> wrote: : Here's a simple exploit for Apache httpd version 1.2.x (tested on : 1.2.4). When launched, causes incerases of victim's load average and : extreme slowdowns of disk operations. On my i586 Linux annoying slowdown : has been experienced immediately (after maybe 5 seconds). After about 4 : minutes work has been turned into real hell (286?). I just tested this exploit on Apache httpd versions 1.0.x, 1.1.x, 1.2.x, and 1.3.x (beta). All of the versions seem to be affected in one way or another, but the 1.0.x and 1.1.x seems to be less effective, since the load average goes down right after the attack has stopped, unlike 1.2.x and 1.3.x, which kept going even after the attack has stopped. -- Zen <zenat_private> Fourth Law of Revision: It is usually impractical to worry beforehand about interferences -- if you have none, someone will make one for you.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:37:52 PDT