Stryder@chatsoba.com
Currently I'm running Webmin 1.50 on a FreeBSD 4.9.
I've noticed over the past couple of weeks an increase
in "SEARCH /\x90\x02\xb1\x02\xb1\x02..." coming up in
my weblogs. The string itself seems to be a
buffer overflow attack from "infected" machines in China
(and slowly spreading).
I think the attack itself is just designed to attempt to
overflow any servers that happen to be running on those
ports since the total length of the URL is 32Kb's in weight.
Admittedly Apache had problems dealing with it,
Virtualhosts were getting dropped and then coming back
up as it dealt by killing its child processes.
However Webmin's current server build couldn't handle
the attack in the same way, which causes it to
completely fail and even lock itself from being restarted.
I hope this information is accurate enough to help the
future development of Webmin.
Logged In: YES
user_id=129364
Thanks for the bug report - a request like that may be
interpreted by Webmin as a failed non-SSL connection when in
SSL mode, which then wastes resources attempting to talk back.
In future, Webmin will reject SEARCH HTTP methods out of
hand, since they aren't supported anyway!
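
The following is an added example, not part of the original thread and not Webmin code: a log scan that flags the kind of request described in the report (an unsupported method with a very long, binary URI) and counts hits per client. It assumes Common Log Format; the method allow-list, the length threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # assumed allow-list for this server
MAX_URI_LEN = 2048  # assumed threshold; tune to the longest legitimate URL

# Common Log Format: host ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(.*)" (\d{3}) (\S+)')
ESCAPED_BYTE = re.compile(r'\\x[0-9a-fA-F]{2}')

def classify(line):
    """Return (client, reasons) for a suspicious line, or None if it looks normal."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, request = m.group(1), m.group(2)
    method, _, rest = request.partition(" ")
    uri = rest.rsplit(" HTTP/", 1)[0]  # oversized requests may lack a version
    reasons = []
    if method not in ALLOWED_METHODS:
        reasons.append("method:" + method[:16])
    # The log shows non-printable bytes as \xhh; count each escape as one byte.
    raw_len = len(ESCAPED_BYTE.sub("?", uri))
    if raw_len > MAX_URI_LEN:
        reasons.append("uri_len:%d" % raw_len)
    if len(ESCAPED_BYTE.findall(uri)) > 16:
        reasons.append("binary_uri")
    return (client, reasons) if reasons else None

def summarize(lines):
    """Count suspicious requests per client address."""
    hits = Counter()
    for line in lines:
        result = classify(line)
        if result:
            hits[result[0]] += 1
    return hits

# Constructed sample: documentation addresses, synthetic ~32 KB URI.
PAYLOAD = "/" + "\\x90\\x02\\xb1\\x02\\xb1" * 6500
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2004:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [10/Mar/2004:10:00:05 +0000] "SEARCH %s" 414 339' % PAYLOAD,
    '198.51.100.7 - - [10/Mar/2004:10:02:11 +0000] "SEARCH %s" 414 339' % PAYLOAD,
    '203.0.113.5 - - [10/Mar/2004:10:03:40 +0000] "SEARCH / HTTP/1.1" 501 0',
]

if __name__ == "__main__":
    for client, count in summarize(SAMPLE_LOG).most_common():
        print(client, count)
```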