[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Apache mod_dav_svn denial of service in propfind request

From: Jorn van Engelen <spamme_at_quzart.nl>
Date: Tue, 02 Jun 2009 00:13:08 +0200

http://milw0rm.com/exploits/8842

I checked whether this exploit works, and it did against the 1.5.1
ubuntu hardy-backport package of subversion and libapache2-svn. It also
worked against the latest trunk checkout of subversion.

When using this exploit, ram usage increases rapidly. When all the swap
space is used the system hangs.

I think this issue is already discussed in the "Memory leak with 1.6.x
clients" thread from dev_at_subversion.tigris.org, but I'm not sure.

Yours sincerely,
Jorn van Engelen

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2358435

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-02 00:21:18 CEST

This is an archived mail posted to the Subversion Users mailing list.