Title: IBM Websphere 3.52 Kernel Leak DoS
Released by: Defcom Labs
Date: 8th January 2001
======================================================================

                   Defcom Labs Advisory def-2001-02



              IBM Websphere 3.52 Kernel Leak DoS



Author: Peter Gründl 

Release Date: 2001-01-08

======================================================================

------------------------=[Brief Description]=-------------------------

The Afpa cache in the IBM HTTP Server, which Websphere is built on,
has problems handling certain types of URL requests. The result of
such a URL is a kernel leak, which will eventually end up consuming
all available kernel memory and rendering the host useless.



------------------------=[Affected Systems]=--------------------------

- IBM WebSphere 3.52 (IBM HTTP Server 1.3.12) for Windows NT



----------------------=[Detailed Description]=------------------------

Sending a continuous stream of HTTP requests resulting in "bad request"
will cause a kernel leak in Windows NT. There are many ways to trigger
the bad request result that triggers the leak, e.g.

GET / HTTP/1.0\r\nuser-agent: 20000xnull\r\n\r\n



---------------------------=[Workaround]=-----------------------------

Comment out the three lines beginning with "Afpa" in the httpd.conf
file (located in the conf directory in the web server folder).
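
The workaround above can be applied and then verified with a short script.
This is an added example, not code from Defcom Labs or IBM; the directive
names and paths in the sample configuration are constructed assumptions,
and the only rule taken from the advisory is "lines beginning with Afpa".

```python
import re

# An active (uncommented) directive whose name starts with "Afpa".
# Apache directive names are case-insensitive and may be indented.
AFPA_LINE = re.compile(r"^([ \t]*)(Afpa\w*)", re.IGNORECASE)

def active_afpa_directives(conf_text):
    """Return (line_number, directive_name) for every uncommented Afpa* line."""
    found = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        match = AFPA_LINE.match(line)
        if match:
            found.append((number, match.group(2)))
    return found

def disable_afpa(conf_text):
    """Comment out every active Afpa* line; all other lines are unchanged."""
    out = []
    for line in conf_text.splitlines(keepends=True):
        match = AFPA_LINE.match(line)
        if match:
            indent = match.group(1)
            line = indent + "#" + line[len(indent):]  # keep indentation
        out.append(line)
    return "".join(out)

# Constructed sample httpd.conf fragment (assumed directive names and paths).
SAMPLE_CONF = """\
ServerName www.example.com
Port 80
AfpaEnable
  AfpaCache on
AfpaLogFile "C:/example/logs/afpalog" V-ECLF
# AfpaEnable
"""

if __name__ == "__main__":
    print("active before:", active_afpa_directives(SAMPLE_CONF))
    patched = disable_afpa(SAMPLE_CONF)
    print(patched, end="")
    print("active after: ", active_afpa_directives(patched))
```

An empty result from active_afpa_directives() on the deployed httpd.conf
confirms the workaround is in place; the server must be restarted for the
change to take effect.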



-------------------------=[Vendor Response]=--------------------------

This issue was brought to the vendor's attention on the 8th of
December, 2000. A workaround was received from the vendor on the 5th
of January, 2001.



"This issue is caused by a problem in the AfpaCache module of the IBM
HTTP Server. The only workaround at this time is to disable the
AfpaCache. IBM Development is working on fixing this issue, but it is
not yet known when a fix will be available."



======================================================================

             This release was brought to you by Defcom Labs



               labs@defcom.com             www.defcom.com

======================================================================
