oss-sec mailing list archives

Re: CVE assignment for c-icap Server


From: Kristian Fiskerstrand <kristian.fiskerstrand () sumptuouscapital com>
Date: Sun, 14 Sep 2014 22:48:49 +0200


On 09/01/2014 11:30 PM, Kristian Fiskerstrand wrote:
Hi,

[0] lists a vulnerability for c-icap Server as:  "contains a flaw
in the parse_request() function of request.c that may allow a
remote denial of service. The issue is triggered when the buffer
fails to contain a ' ' or '?' symbol, which will cause the end
pointer to increase and surpass allocated memory. With a specially
crafted request (e.g. via the OPTIONS method), a remote attacker
can cause a loss of availability for the program." as described in
[1]. From what I can see this was fixed in [2].

Has a CVE been assigned to this issue already? If not, I request
that one is assigned.

References:
[0] http://www.osvdb.org/show/osvdb/89304
[1] http://osvdb.org/ref/89/c-icap.txt
[2] http://sourceforge.net/p/c-icap/code/1018/



Friendly ping for any feedback on this post.


-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Dura necessitas
Necessity is harsh
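The bug class described in the quoted advisory text (a delimiter scan with no stop condition when the buffer contains neither ' ' nor '?') is avoided by bounding every scan with the buffer length and rejecting a request line whose delimiter is missing. The following is an added example, not part of the original message and not c-icap's code or the fix in [2]; struct req_line, find_delim and parse_request_line are hypothetical names and the sample request lines are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type: offsets into the caller's buffer. */
struct req_line {
    size_t method_len;  /* bytes before the first ' ' */
    size_t uri_off;     /* where the resource starts */
    size_t uri_len;     /* bytes before the terminating ' ' or '?' */
};

/* Bounded search in buf[from, len) for ' ' (and '?' if allow_query).
 * Returns the index found, or len when no delimiter is present. */
static size_t find_delim(const char *buf, size_t len, size_t from, int allow_query)
{
    for (size_t i = from; i < len; i++)
        if (buf[i] == ' ' || (allow_query && buf[i] == '?'))
            return i;
    return len;  /* not found: the caller must treat this as malformed */
}

/* Returns 0 and fills *out on success, -1 on a malformed request line.
 * Never reads past buf[len - 1] and does not need a NUL terminator. */
int parse_request_line(const char *buf, size_t len, struct req_line *out)
{
    size_t sp = find_delim(buf, len, 0, 0);
    if (sp == 0 || sp == len)
        return -1;                      /* empty method or no space at all */
    size_t end = find_delim(buf, len, sp + 1, 1);
    if (end == len || end == sp + 1)
        return -1;                      /* unterminated or empty resource */
    out->method_len = sp;
    out->uri_off = sp + 1;
    out->uri_len = end - (sp + 1);
    return 0;
}

int main(void)
{
    /* Constructed inputs: one well-formed, one lacking the final delimiter. */
    const char *samples[] = { "OPTIONS icap://h/echo ICAP/1.0", "OPTIONS icap://h/echo" };
    for (size_t i = 0; i < 2; i++) {
        struct req_line r;
        int rc = parse_request_line(samples[i], strlen(samples[i]), &r);
        printf("%-32s -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```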

