Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 04 Sep 2014 10:29:53 +0200
From: Pierre Schweitzer <>
To: OSS Security List <>
Subject: RFC: Denial of Service in XCache?

Dear all,

I'm looking for comments about a XCache bug which is visible in Ubuntu
12.04LTS (and left unfixed so far). It is #LP1189436
It basically happens when you try to query XCache state, then it SIGSEV
(and thus makes php5 crash). This can be easily reproduced with the
Munin plugin at: (munin_xcache.php
file). It triggers the crash on every query on our infrastructure.

I'm not sure it's a security issue as you may protect this using admin
password. But what about shared web hosting where you wouldn't have set
any password?

Was it spotted/reported on other distributions?


Pierre Schweitzer <>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.

Download attachment "smime.p7s" of type "application/pkcs7-signature" (4305 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ