Date: Thu, 04 Sep 2014 10:29:53 +0200
From: Pierre Schweitzer <pierre@...ctos.org>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: RFC: Denial of Service in XCache?

Dear all,

I'm looking for comments about an XCache bug which is visible in Ubuntu
12.04 LTS (and left unfixed so far). It is #LP1189436
(https://bugs.launchpad.net/ubuntu/+source/xcache/+bug/1189436).
It basically happens when you try to query XCache state, then it SIGSEGVs
(and thus makes php5 crash). This can be easily reproduced with the
Munin plugin at: http://www.ohardt.net/dev/munin/ (munin_xcache.php
file). It triggers the crash on every query on our infrastructure.

I'm not sure it's a security issue as you may protect this using an admin
password. But what about shared web hosting where you wouldn't have set
any password?

Was it spotted/reported on other distributions?

Cheers,

-- 
Pierre Schweitzer <pierre@...ctos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
