/* apache-massacre.c
 * Test code for Apache 2.x Memory Leak
 * By Matthew Murphy
 *
 * DISCLAIMER: This exploit tool is provided only to test networks for a
 * known vulnerability. Do not use this tool on systems you do not control,
 * and do not use this tool on networks you do not own without appropriate
 * consent from the network owner. You are responsible for any damage your
 * use of the tool causes. In no event may the author of this tool be held
 * responsible for damages relating to its use.
 *
 * As with most Apache exposures, the impacts vary between ports of the server:
 *
 * Non-Unix (Win32, Netware, OS/2): These ports are most adversely affected
 * by this, as Apache’s child process doesn’t terminate normally unless the
 * parent process stops. This means that leaks (and any performance loss) hang
 * around until Apache is restarted.
 *
 * Unix/mpm_prefork: This MPM offers the most protection against successful
 * exploitation, as its processes exit at the end of the request.
 *
 * Unix/other MPMs: These other MPMs utilize multiple Apache processes for
 * multiple Apache requests. Depending on the MPM in use and the traffic rates
 * of the server, this may be used to the advantage of a potential attacker.
 * If multiple different Apache processes are utilized, an attacker can spread
 * the substantial leak between processes to dodge resource limits imposed on
 * httpd’s UID (usually nobody, www, or apache)
 *
 * Credit: iDEFENSE reported this issue to several security lists on April 8,
 * 2003 following the Apache release announcement. Apache fixed the flaw about
 * a month after the initial disclosure of this vulnerability. iDEFENSE credits
 * the discovery of this vulnerability to an anonymous researcher.
 *
 * Happy Hunting!
 */

#ifndef _WIN32
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <netinet/in.h>