[OT] Practical consequence of http://www.php-security.org/MOPB/MOPB-02-2007.html on Sarge

To: debian-security@lists.debian.org
Subject: [OT] Practical consequence of http://www.php-security.org/MOPB/MOPB-02-2007.html on Sarge
From: Thorsten Schmidt <meine_mailings@web.de>
Date: Thu, 1 Mar 2007 16:13:14 +0100
Message-id: <[🔎] 200703011613.14405.meine_mailings@web.de>

Hi folks,

I've looked at
http://www.php-security.org/MOPB/MOPB-02-2007.html.
and reproduced it on sarge/etch and apache2.
I saw childs dieing and respawning, increasing the load on my system, but 
DoS'ing this way seems to be way ineffictive to me (compared to the usual: 
Let's create a bunch of tcp-sockets 'till a ressources are exhausted thing).
This might be an issue on FreeBSD, if protective http rules are set, but is it 
an issue on debian, too?

Greets
Thorsten

Reply to:

Prev by Date: Bug#357561: privilege escalation hole
Next by Date: Re: Bug#357561: privilege escalation hole
Previous by thread: Re: Bug#357561: privilege escalation hole
Next by thread: workstation iptables
Index(es):
- Date
- Thread