Apache mod_dav_svn denial of service in propfind request

From: Jorn van Engelen <spamme_at_quzart.nl>
Date: Tue, 02 Jun 2009 00:13:08 +0200

I checked whether this exploit works, and it did against the 1.5.1
ubuntu hardy-backport package of subversion and libapache2-svn. It also
worked against the latest trunk checkout of subversion.

When using this exploit, ram usage increases rapidly. When all the swap
space is used the system hangs.

I think this issue is already discussed in the "Memory leak with 1.6.x
clients" thread from dev_at_subversion.tigris.org, but I'm not sure.

Yours sincerely,
Jorn van Engelen

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2358435

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-06-02 00:21:18 CEST

This message: [ Message body ]
Next message: info: "Bug in svn 1.6.2 configure"
Previous message: Carlos Diógenes: "problem fetching external item behind a proxy/firewall"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]