Project

General

Profile

Actions
Copy link

Bug #477

closed

misformed auth exploit / DOS attack

Added by Anonymous over 19 years ago. Updated over 18 years ago.

Status:
Fixed
Priority:
High
Category:
mod_auth
Target version:
-
ASK QUESTIONS IN Forums:

Description

Misformed auth requests can cause lighttpd (1.4.9) to crash:

Program received signal SIGSEGV, Segmentation fault.
0x224f2a46 in http_auth_digest_check (srv=0x8068a48, con=0x0, p=0x807ffb0, req=0x8083758, url=0x0,
realm_str=0x80de76f "username=\"beta\", realm=\"Beta\", nonce=\"b1d12348b4620437c43dd61c50ae4639\", uri=\"/MJ-BONG.xm.mpc\", qop=auth, noncecount=00000001\", cnonce=\"036FCA5B86F7E7C4965C7F9B8FE714B7\", response=\"29B32C2953C763C6D03"...) at http_auth.c:931
931 MD5_Update(&Md5Ctx, (unsigned char *)nc, strlen(nc));

Chat excerpt:

<DEATH> Digest realm="Beta", nonce="b1d12348b4620437c43dd61c50ae4639", qop="auth"
<DEATH> Digest username="beta", realm="Beta", nonce="b1d12348b4620437c43dd61c50ae4639", uri="/MJ-BONG.xm.mpc", qop=auth, noncecount=00000001", cnonce="036FCA5B86F7E7C4965C7F9B8FE714B7", response="29B32C2953C763C6D033C8A49983B87E"
<DEATH> note bad " after noncecount

-- gcp

Added by jan over 19 years ago

Revision 4a81e17c (diff)

qop is required nc and nonce (fixes #477)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@971 152afb58-edef-0310-8abb-c4023f1b3aa9

Actions
Copy link

Also available in: Atom