oss-sec mailing list archives

RFC: Denial of Service in XCache?


From: Pierre Schweitzer <pierre () reactos org>
Date: Thu, 04 Sep 2014 10:29:53 +0200

Dear all,

I'm looking for comments about an XCache bug which is visible in Ubuntu
12.04 LTS (and left unfixed so far). It is #LP1189436
(https://bugs.launchpad.net/ubuntu/+source/xcache/+bug/1189436).
It basically happens when you try to query XCache state, then it SIGSEGVs
(and thus makes php5 crash). This can be easily reproduced with the
Munin plugin at: http://www.ohardt.net/dev/munin/ (munin_xcache.php
file). It triggers the crash on every query on our infrastructure.

I'm not sure it's a security issue as you may protect this using admin
password. But what about shared web hosting where you wouldn't have set
any password?

Was it spotted/reported on other distributions?

Cheers,

-- 
Pierre Schweitzer <pierre () reactos org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.

