List: oss-security
Subject: [oss-security] squid DoS in external auth header parser
From: Vincent Danen <vdanen () redhat ! com>
Date: 2009-07-20 17:33:29
Message-ID: 20090720173329.GH4372 () redhat ! com
I noticed this on Debian's bts [1] and also on upstream's bugzilla [2]
but no CVE has been assigned (not sure if one has been requested or not,
but I've not seen a request come through here).

By the initial looks of things, it seems to be a fairly low severity
issue and may not be easy to duplicate/trigger. The reporter didn't really
provide much in the way of a reproducer or relevant configs (and the
reference to zope auths makes me not even want to touch it).

Has anyone taken a look at this or has a CVE been requested for it?
Upstream has done nothing with this despite it being reported two weeks
ago.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982
[2] http://www.squid-cache.org/bugs/show_bug.cgi?id=2704

--
Vincent Danen / Red Hat Security Response Team