Project

General

Profile

Actions
Copy link

Bug #477

closed

misformed auth exploit / DOS attack

Added by Anonymous over 18 years ago. Updated over 17 years ago.

Status:
Fixed
Priority:
High
Category:
mod_auth
Target version:
-
ASK QUESTIONS IN Forums:

Description

Misformed auth requests can cause lighttpd (1.4.9) to crash:

Program received signal SIGSEGV, Segmentation fault.
0x224f2a46 in http_auth_digest_check (srv=0x8068a48, con=0x0, p=0x807ffb0, req=0x8083758, url=0x0,
realm_str=0x80de76f "username=\"beta\", realm=\"Beta\", nonce=\"b1d12348b4620437c43dd61c50ae4639\", uri=\"/MJ-BONG.xm.mpc\", qop=auth, noncecount=00000001\", cnonce=\"036FCA5B86F7E7C4965C7F9B8FE714B7\", response=\"29B32C2953C763C6D03"...) at http_auth.c:931
931 MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));

Chat excerpt:

<DEATH> Digest realm="Beta", nonce="b1d12348b4620437c43dd61c50ae4639", qop="auth"
<DEATH> Digest username="beta", realm="Beta", nonce="b1d12348b4620437c43dd61c50ae4639", uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001", cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7", response="29B32C2953C763C6D033C8A49983B87E"
<DEATH> note bad " after noncecount

-- gcp

Actions
Copy link
 #1

Updated by jan over 18 years ago

  • Status changed from New to Assigned

i can verify the bug and added a testcase to the testsuite.

Actions
Copy link
 #2

Updated by jan about 18 years ago

  • Status changed from Assigned to Fixed
  • Resolution set to fixed

fixed in r971

Actions
Copy link

Also available in: Atom