Clarification on Xitami DoS

From: Matthew Murphy (mattmurphyat_private)
Date: Sun Aug 04 2002 - 15:24:24 PDT

Next message: Stan Bubrouski: "Advisory: Multiple 602Pro LAN SUITE 2002 Denial of Service Attacks"

Previous message: Stan Bubrouski: "Advisory: ArGoSoft Mail Server Pro 1.8.1.7 DoS"
Next in thread: Muhammad Faisal Rauf Danka: "Re: Clarification on Xitami DoS"
Maybe reply: Muhammad Faisal Rauf Danka: "Re: Clarification on Xitami DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Due to conflicting results in some tests, I believe that my
previous post regarding this issue contained some inaccurate
statements:

The root cause of this vulnerability is not a sudden flood of
connections; the issue appears to be that Xitami 2.5 Beta does
not "clean up" the resources of a connection that has been
broken/closed in some cases.  As a result, the vulnerability can
be triggered simply by heavy traffic.

Unsetting a limit you may have on HTTP connections will not
avoid this vulnerability, and could worsen the affects of any
actual overload.  However, systems with limits set will exceed 
those limits more quickly.

The vulnerability appears to be present in the way Xitami
handles Keep-Alive connections.  Specifically, the server will
not close Keep-Alive connections even when appropriate
timeouts have been set.

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown

Next message: Stan Bubrouski: "Advisory: Multiple 602Pro LAN SUITE 2002 Denial of Service Attacks"
Previous message: Stan Bubrouski: "Advisory: ArGoSoft Mail Server Pro 1.8.1.7 DoS"
Next in thread: Muhammad Faisal Rauf Danka: "Re: Clarification on Xitami DoS"
Maybe reply: Muhammad Faisal Rauf Danka: "Re: Clarification on Xitami DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 05 2002 - 13:05:37 PDT