Date: Thu, 04 Sep 2014 10:29:53 +0200 From: Pierre Schweitzer <pierre@...ctos.org> To: OSS Security List <oss-security@...ts.openwall.com> Subject: RFC: Denial of Service in XCache? Dear all, I'm looking for comments about a XCache bug which is visible in Ubuntu 12.04LTS (and left unfixed so far). It is #LP1189436 (https://bugs.launchpad.net/ubuntu/+source/xcache/+bug/1189436). It basically happens when you try to query XCache state, then it SIGSEV (and thus makes php5 crash). This can be easily reproduced with the Munin plugin at: http://www.ohardt.net/dev/munin/ (munin_xcache.php file). It triggers the crash on every query on our infrastructure. I'm not sure it's a security issue as you may protect this using admin password. But what about shared web hosting where you wouldn't have set any password? Was it spotted/reported on other distributions? Cheers, -- Pierre Schweitzer <pierre@...ctos.org> System & Network Administrator Senior Kernel Developer ReactOS Deutschland e.V. [ CONTENT OF TYPE application/pkcs7-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ