Date: Wed, 12 Aug 1998 17:24:33 +0200 From: Martin Cracauer <cracauer@cons.org> To: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG Subject: Re: DOS exploit in Apache Message-ID: <19980812172433.A15544@cons.org> In-Reply-To: <199808111816.MAA18952@lariat.lariat.org>; from Brett Glass on Tue, Aug 11, 1998 at 12:13:06PM -0600 References: <199808111816.MAA18952@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In <199808111816.MAA18952@lariat.lariat.org>, Brett Glass wrote: > All recent versions of Apache can be made to demand virtually unlimited > amounts of memory if they are fed large numbers of HTML request headers. I > haven't seen a fix for FreeBSD yet; have the published package and port > been patched yet? This is one of the (rare, IHMO) cases where FreeBSD's conservative resource limit defaults do something good. So on FreeBSD you can't launch a denial-of-service attack for the whole machine this way. Martin -- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Martin Cracauer <cracauer@cons.org> http://www.cons.org/cracauer BSD User Group Hamburg, Germany http://www.bsdhh.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980812172433.A15544>