Why am I not surprised?


Why am I not surprised?

Rod Whitworth-3
I recently saw the Full Disclosure mailing list discussion of the
Apache DoS vuln.
(http://seclists.org/fulldisclosure/2011/Aug/175)

So I did pkg_add p5-Parallel-ForkManager on a 4.9 release i386, and ran
the perl script from killapache_pl.bin (on the FD mail list). It had
absolutely no visible effect on our Apache 1.3 running on a 5.0
snapshot (Generic #16).

It didn't run out of memory, the server didn't crash and the CPU load
seen by systat was minimal (<1%).

As the title says "Why am I not surprised?"

Thanks devs for fixing bugs before they have sec numbers, you've done
it again!

R/

*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.


Re: Why am I not surprised?

Andreas Hämmerle-2
On 08/25/11 06:30, Rod Whitworth wrote:

> I recently saw the Full Disclosure mailing list discussion of the
> Apache DoS vuln.
> (http://seclists.org/fulldisclosure/2011/Aug/175)
>
> So I did pkg_add p5-Parallel-ForkManager on a 4.9 release i386, and ran
> the perl script from killapache_pl.bin (on the FD mail list). It had
> absolutely no visible effect on our Apache 1.3 running on a 5.0
> snapshot (Generic #16)
>
> It didn't run out of memory, the server didn't crash and the CPU load
> seen by systat was minimal (<1%).
>
> As the title says "Why am I not surprised?"

Same here.

Running the perl script results in "Host does not seem vulnerable".
(OpenBSD 4.8 GENERIC.MP#359 i386)

Cheers,
Andreas