[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE request: polipo DoS via overly large "Content-Length" header
From: Raphael Geissert <geissert () debian ! org>
Date: 2009-12-12 7:00:15
Message-ID: hfvf1v$83h$1 () ger ! gmane ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
A vulnerability has been found in polipo that allows a remote attacker to
crash the daemon via an overly large "Content-Length" header.
The vulnerability is caused by connection->reqlen (in client.c:
httpClientDiscardBody()) being a signed integer which can be overflowed
turning it into a negative value which later leads to a segmentation fault
in the call to memmove.
References:
http://www.exploit-db.com/exploits/10338
http://bugs.debian.org/560779
http://secunia.com/advisories/37607/
Could a CVE be assigned?
Thanks in advance.
Regards
- --
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksjP4MACgkQYy49rUbZzlqESQCdG3O9usXILnu4G6NuMmfUcQ2b
uYMAn1Y54+xj89y3cqXrpeQHUirdrr6E
=KUfO
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic