List:       oss-security
Subject:    [oss-security] squid DoS in external auth header parser
From:       Vincent Danen <vdanen () redhat ! com>
Date:       2009-07-20 17:33:29
Message-ID: 20090720173329.GH4372 () redhat ! com

I noticed this on Debian's bts [1] and also on upstream's bugzilla [2]
but no CVE has been assigned (not sure if one has been requested or not,
but I've not seen a request come through here).

By the initial looks of things, it seems to be a fairly low severity
issue and may not be easy to duplicate/trigger.  The reporter didn't really
provide much in the way of a reproducer or relevant configs (and the
reference to zope auths makes me not even want to touch it).

Has anyone taken a look at this or has a CVE been requested for it?
Upstream has done nothing with this despite it being reported two weeks
ago.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982
[2] http://www.squid-cache.org/bugs/show_bug.cgi?id=2704

-- 
Vincent Danen / Red Hat Security Response Team 