oss-sec mailing list archives
Re: squid DoS in external auth header parser
From: Nico Golde <oss-security+ml () ngolde de>
Date: Tue, 4 Aug 2009 19:48:13 +0200
Hi,
* Vincent Danen <vdanen () redhat com> [2009-08-04 17:20]:
> * [2009-08-04 12:13:29 +0200] Nico Golde wrote:
> [...]
> > CVE-2009-2622
> > CVE-2009-2621
>
> Are you sure? According to MITRE's descriptions, CVE-2009-2621 deals with a lack of enforcing "buffer limits and related bound checks", and CVE-2009-2622 deals with malformed requests. When I was looking, it didn't seem like either of these were the issue noted in the Debian bug. Bug #2704 on the squid site is still UNCONFIRMED with no additional comments made to it, so I don't think this is fixed in the latest upstream release (and wouldn't fall under one of these CVE's). I don't think a CVE has been assigned to this issue, and I don't think it has been fixed.

Oergs sorry, yes you are right. I mixed up the issues here.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
Current thread:
- squid DoS in external auth header parser Vincent Danen (Jul 20)
- Re: squid DoS in external auth header parser security curmudgeon (Aug 03)
- Re: squid DoS in external auth header parser Nico Golde (Aug 04)
- Re: squid DoS in external auth header parser Vincent Danen (Aug 04)
- Re: squid DoS in external auth header parser Nico Golde (Aug 04)
- Re: squid DoS in external auth header parser Vincent Danen (Aug 04)
- Re: squid DoS in external auth header parser Steven M. Christey (Aug 18)