oss-sec mailing list archives
CVE-Request: squid pinger remote DoS
From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 9 Sep 2014 10:53:51 +0200
Hi I made a fix for squid 3.4.6 and request a CVE for this issue: The pinger code that checks for nodes being alive doesnt properly validate ICMP and ICMPv6 replies, in particular icmp6 types which are used to index into a string array. This could cause crashes when the index is OOB. A patch is available here: https://bugzilla.novell.com/show_bug.cgi?id=891268 I also made some cleanups and error checking on the receive socket. I am not deep into the overall squid architecture so I dont know what happens to squid itself when the pinger sub-process crashes (think SIGPIPE etc). But to me it looks like you can only DoS the pinger sub-system, not the whole squid. Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team
Current thread:
- CVE-Request: squid pinger remote DoS Sebastian Krahmer (Sep 09)
- Re: CVE-Request: squid pinger remote DoS Marcus Meissner (Sep 15)
- Re: CVE-Request: squid pinger remote DoS cve-assign (Sep 15)
- Re: CVE-Request: squid pinger remote DoS Sebastian Krahmer (Sep 16)
- Re: Re: CVE-Request: squid pinger remote DoS Amos Jeffries (Sep 16)
- Re: CVE-Request: squid pinger remote DoS cve-assign (Sep 21)