Title: Red Hat TUX HTTP Server Oversized Host Denial of Service Vulnerability
Severity: MODERATE
Description:
TUX is a kernel-based HTTP server released under the GNU General Public License. It is able to serve static content, cache dynamic content, and coordinate with other HTTP servers to produce dynamic content.
An error occurs when the TUX daemon receives an oversized Host: header as part of an HTTP request. The request results in an assertion failure and eventually in a kernel panic. At this point a system reboot is required to regain normal functionality.
When the vulnerability is exploited, an error is generated as the result of a bad EIP address. Because this error is recognized, it is not believed that the issue can be exploited to execute arbitrary code.
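A front-end check for the condition described above, as an added example that is not part of the original advisory: it rejects a request whose Host header is oversized, duplicated or folded before the request reaches the web server. The 259-byte limit (a 253-character DNS name plus a port) and the function name are assumptions; the advisory does not state the length that triggers the failure.

```python
import re

# Assumption: 253 is the longest DNS name in text form, plus room for ":65535".
# The advisory gives no threshold, so this is a policy limit, not the TUX limit.
MAX_HOST_LEN = 253 + len(":65535")
# Hostname or bracketed IPv6 literal, with an optional port.
HOST_RE = re.compile(rb"(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?")


def check_host_header(raw_request: bytes, max_len: int = MAX_HOST_LEN):
    """Return (allow, reason) for the head of a raw HTTP/1.1 request."""
    # Accept both CRLF and bare LF line endings, then drop the body.
    head = raw_request.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    hosts = []
    for line in head.split(b"\n")[1:]:  # [1:] skips the request line
        # A folded (continuation) line could hide part of a long value.
        if line[:1] in (b" ", b"\t"):
            return False, "folded header line"
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            hosts.append(value.strip())
    # A second Host header could carry the oversized value past a filter
    # that inspects only the first one.
    if len(hosts) != 1:
        return False, "expected exactly one Host header, found %d" % len(hosts)
    host = hosts[0]
    if len(host) > max_len:
        return False, "Host header is %d bytes, limit is %d" % (len(host), max_len)
    if not HOST_RE.fullmatch(host):
        return False, "Host header has unexpected characters"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = {
        "normal": b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        "oversized": b"GET / HTTP/1.1\r\nHost: " + b"A" * 4096 + b"\r\n\r\n",
        "duplicate": b"GET / HTTP/1.1\r\nHost: a.example\r\nHost: b.example\r\n\r\n",
    }
    for label, request in samples.items():
        print(label, check_host_header(request))
```

The same length and count limits can be enforced in a reverse proxy or load balancer placed in front of the affected server.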
Affected Products:
- Red Hat TUX 2.1.0.0-2
References:
- Red Hat: TUX Web Server Manuals