Depending on the system load apache with apache-mpm-worker and mod_ssl enabled will cause ssl to run out of memory and crash. The following patch resolves this issue. It will be needed to be ported to intrepid since it is also vulnerable to this condition.
Depending on the system load apache with apache-mpm-worker and mod_ssl enabled will cause ssl to run out of memory and crash. The following patch resolves this issue. It will be needed to be ported to intrepid since it is also vulnerable to this condition.
Steps to reproduce: (TEST CASE)
1. Install apache-mpm-worker and ssl-cert /help.ubuntu. com/8.04/ serverguide/ C/certificates- and-security. html. sites-enabled/ default.
2. Confgure the SSL cert according to https:/
3. Use the following config in your /etc/apache2/
NameVirtualHost *:443 certs/ssl. pem
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/
DocumentRoot /var/www
<Directory />
Options Indexes
</Directory>
</VirtualHost>
4. Run the following command:
ab -n 100000 -c 20 -f tls1 https://<ip address>:443/
You should get OOM errors in a couple of minutes of running the test.
If you have any questions let me know.
Regards
chuck