oss-sec mailing list archives

Re: CVE Request: Perlbal DoS

From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 27 Mar 2008 19:06:08 -0400 (EDT)


======================================================
Name: CVE-2008-1532
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1532
Reference: CONFIRM:http://search.cpan.org/src/BRADFITZ/Perlbal-1.70/CHANGES
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=214784
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=439054

Perlbal before 1.70, when buffered upload is enabled, allows remote
attackers to cause a denial of service (crash) via a zero-byte chunked
upload.

Current thread:

CVE Request: Perlbal DoS Lubomir Kundrak (Mar 26)
- Re: CVE Request: Perlbal DoS Steven M. Christey (Mar 27)