oss-sec mailing list archives

Re: squid DoS in external auth header parser

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 18 Aug 2009 16:42:18 -0400 (EDT)


======================================================
Name: CVE-2009-2855
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2855
Reference: MLIST:[oss-security] 20090720 squid DoS in external auth header parser
Reference: URL:http://www.openwall.com/lists/oss-security/2009/07/20/10
Reference: MLIST:[oss-security] 20090803 Re: squid DoS in external auth header parser
Reference: URL:http://www.openwall.com/lists/oss-security/2009/08/03/3
Reference: MLIST:[oss-security] 20090804 Re: squid DoS in external auth header parser
Reference: URL:http://www.openwall.com/lists/oss-security/2009/08/04/6
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982
Reference: MISC:http://www.squid-cache.org/bugs/show_bug.cgi?id=2704
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7
allows remote attackers to cause a denial of service via a crafted
auth header with certain comma delimiters that trigger an infinite
loop of calls to the strcspn function.

Current thread:

squid DoS in external auth header parser Vincent Danen (Jul 20)
- Re: squid DoS in external auth header parser security curmudgeon (Aug 03)
- Re: squid DoS in external auth header parser Nico Golde (Aug 04)
  - Re: squid DoS in external auth header parser Vincent Danen (Aug 04)
    - Re: squid DoS in external auth header parser Nico Golde (Aug 04)
- Re: squid DoS in external auth header parser Steven M. Christey (Aug 18)