[Mongrel] [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack

Ian C. Blenke ian at blenke.com
Wed Oct 25 19:51:58 EDT 2006

Zed A. Shaw wrote:

>There is a DoS for Ruby's cgi.rb that is easily exploitable.  The attack involves sending a malformed multipart MIME body in an HTTP request.  The full explanation of the attack as well as how to fix it RIGHT NOW is given below.

Another quick fix is to download the latest cgi.rb from the Ruby CVS 
repository and install that as your system cgi.rb:

    # wget -O cgi.rb 
    # install -m 644 cgi.rb /usr/lib/ruby/1.8/cgi.rb

You will still get spinners, however (though the malformed boundary 
spinners do seem to go away).

Using + the revision 356 patch (not really sure how necessary 
that was), along with replacing cgi.rb, has solved most of our mongrel woes.

Also, if you're not using monit yet, seriously consider embracing it now.

- Ian C. Blenke <ian at blenke.com> http://ian.blenke.com/
PS. In our testing, we did see WEBrick affected by this as well. It is 
not just Mongrel. FCGI appears to weather this particular problem just fine.
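As an added illustration of the monit suggestion above (this is not from the original post or from the Mongrel project), here is a monit check that restarts a single Mongrel instance when it gets stuck spinning at high CPU or stops answering HTTP. The pid file path, port, log path, thresholds and the `mongrel_rails` invocation are assumptions for the example; adjust them to your own deployment:

```monit
# Added example: one monit "check process" block per Mongrel listener.
# Assumed: monit polls every 120 s ("set daemon 120" in monitrc), Mongrel
# runs as user "rails" on port 3000 and writes its pid to the path below.
check process mongrel_3000 with pidfile /var/run/mongrel/mongrel.3000.pid
  start program = "/usr/bin/mongrel_rails start -d -e production -p 3000 \
                   -P /var/run/mongrel/mongrel.3000.pid \
                   -l /var/log/mongrel/mongrel.3000.log \
                   -c /var/www/app/current --user rails --group rails"
  stop program  = "/usr/bin/mongrel_rails stop -P /var/run/mongrel/mongrel.3000.pid"
  # A cgi.rb spinner pegs one core for good; a busy but healthy worker
  # rarely stays above 90% for five consecutive cycles (~10 minutes).
  if cpu > 90% for 5 cycles then restart
  # Leaked memory from repeated bad requests is the other usual symptom.
  if totalmem > 250 MB for 3 cycles then restart
  # A spinning process often still holds the socket but never answers.
  if failed port 3000 protocol http request "/" with timeout 20 seconds
     for 2 cycles then restart
  # Don't flap forever if restarts don't help; hand it to a human.
  if 5 restarts within 10 cycles then timeout
```

Repeat the block for each port in the cluster (monit has no templating of its own; a small script or Capistrano task usually generates these). Keep the CPU window long enough that a legitimate burst of expensive requests does not trigger a restart, and watch the monit log for restart counts, since a steady stream of CPU restarts on one port is itself a useful signal that someone is still sending the malformed bodies.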
