oss-sec mailing list archives
Re: CVE assignment for c-icap Server
From: Kristian Fiskerstrand <kristian.fiskerstrand () sumptuouscapital com>
Date: Sun, 14 Sep 2014 22:48:49 +0200
On 09/01/2014 11:30 PM, Kristian Fiskerstrand wrote:
> Hi,
>
> [0] lists a vulnerability for c-icap Server as: "contains a flaw in the parse_request() function of request.c that may allow a remote denial of service. The issue is triggered when the buffer fails to contain a ' ' or '?' symbol, which will cause the end pointer to increase and surpass allocated memory. With a specially crafted request (e.g. via the OPTIONS method), a remote attacker can cause a loss of availability for the program." as described in [1]. From what I can see this was fixed in [2].
>
> Has a CVE been assigned to this issue already? If not, I request that one is assigned.
>
> References:
> [0] http://www.osvdb.org/show/osvdb/89304
> [1] http://osvdb.org/ref/89/c-icap.txt
> [2] http://sourceforge.net/p/c-icap/code/1018/

Friendly ping for any feedback on this post.

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Dura necessitas
Necessity is harsh
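
The bug class in the quoted description (scanning for ' ' or '?' with no upper bound) and a bounded alternative, as an added example that is not part of the original post and is not c-icap's code or the fix in [2]. The names parse_service, scan_delim, REQ_OK and REQ_BAD are hypothetical, and the request line layout "METHOD uri[?args] ICAP/1.0" is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum { REQ_OK = 0, REQ_BAD = -1 };

/* Kind of loop the quoted description implies (illustrative, not c-icap
 * source), shown only as a comment:
 *     while (*end != ' ' && *end != '?') end++;
 * If the buffer holds neither byte, nothing stops `end` at the end of
 * the allocation. */

/* Bounded scan: first ' ' or '?' in [p, limit), or NULL if there is none. */
static const char *scan_delim(const char *p, const char *limit)
{
    for (; p < limit; p++)
        if (*p == ' ' || *p == '?')
            return p;
    return NULL;
}

/* Copy the token after the method in "METHOD uri[?args] ICAP/1.0" into out.
 * buf holds exactly len bytes and need not be NUL-terminated. */
int parse_service(const char *buf, size_t len, char *out, size_t outsz)
{
    const char *limit = buf + len;
    const char *start = memchr(buf, ' ', len);   /* end of the method */
    const char *end;
    size_t n;

    if (start == NULL || outsz == 0)
        return REQ_BAD;
    start++;                                     /* first byte of the URI */
    end = scan_delim(start, limit);
    if (end == NULL)                             /* no terminator: reject */
        return REQ_BAD;
    n = (size_t)(end - start);
    if (n == 0 || n >= outsz)                    /* empty, or too big for out */
        return REQ_BAD;
    memcpy(out, start, n);
    out[n] = '\0';
    return REQ_OK;
}
```

A request that lacks the delimiter is answered as a bad request instead of being scanned past the end of the read buffer.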