oss-sec mailing list archives

Re: squid DoS in external auth header parser


From: Nico Golde <oss-security+ml () ngolde de>
Date: Tue, 4 Aug 2009 12:13:29 +0200

Hi,
* Vincent Danen <vdanen () redhat com> [2009-07-20 19:48]:
> I noticed this on Debian's bts [1] and also on upstream's bugzilla [2]
> but no CVE has been assigned (not sure if one has been requested or not,
> but I've not seen a request come through here).
>
> By the initial looks of things, it seems to be a fairly low severity
> issue and may not be easy to duplicate/trigger.  The reporter didn't really
> provide much in the way of a reproducer or relevant configs (and the
> reference to zope auths makes me not even want to touch it).
>
> Has anyone taken a look at this or has a CVE been requested for it?

CVE-2009-2622
CVE-2009-2621

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
