oss-sec mailing list archives
Re: CVE-Request: squid pinger remote DoS
From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 16 Sep 2014 09:16:35 +0200
On Tue, Sep 16, 2014 at 02:56:30AM -0400, cve-assign () mitre org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1I made a fix for squid 3.4.6 and request a CVEhttps://bugzilla.novell.com/show_bug.cgi?id=891268Regardless of the "what happens to squid itself" answer, is it known that the crash has a security impact? This message seemed to conclude
Well, in any case whether its restarted or not, it should be fixed. For me its a remote DoS, its your decision if it qualifies for a CVE. The indexing bug is the "real issue" whereas the others IMHO qualify as hardening and only produce junk-packets or fake logs if exploited. Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team
Current thread:
- CVE-Request: squid pinger remote DoS Sebastian Krahmer (Sep 09)
- Re: CVE-Request: squid pinger remote DoS Marcus Meissner (Sep 15)
- Re: CVE-Request: squid pinger remote DoS cve-assign (Sep 15)
- Re: CVE-Request: squid pinger remote DoS Sebastian Krahmer (Sep 16)
- Re: Re: CVE-Request: squid pinger remote DoS Amos Jeffries (Sep 16)
- Re: CVE-Request: squid pinger remote DoS cve-assign (Sep 21)