oss-sec mailing list archives
Re: CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 17 Dec 2012 10:36:00 -0700
On 12/17/2012 10:27 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> A denial of service flaw was found in the way the CGI Cache Manager
> of the Squid proxy caching server processed certain requests. A remote
> attacker could use this flaw to cause the squid service to consume
> an excessive amount of resources.
>
> References:
> [1] http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
> [2] https://bugs.gentoo.org/show_bug.cgi?id=447596
> [3] https://secunia.com/advisories/51545/
> [4] https://bugzilla.redhat.com/show_bug.cgi?id=887962
>
> Upstream patches:
> [5] http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch
>     (against the 3.1 branch)
> [6] http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch
>     (against the 3.2 branch)
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2012-5643 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993