
List:       oss-security
Subject:    Re: [oss-security] CVE request: haproxy trash buffer overflow flaw
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-05-23 18:08:34
Message-ID: 4FBD27A2.2010108 () redhat ! com

On 05/23/2012 11:37 AM, Vincent Danen wrote:
> Could a CVE be assigned to this flaw please?
> 
> A flaw was reported in HAProxy where, due to a boundary error when 
> copying data into the trash buffer, an external attacker could
> cause a buffer overflow.  Exploiting this flaw could lead to the
> execution of arbitrary code, however it requires non-default
> settings for the global.tune.bufsize configuration option (must be
> set to a value greater than the default), and also that header
> rewriting is enabled (via, for example, the regrep or rsprep
> directives).
> 
> This flaw is reported against 1.4.20, prior versions may also be 
> affected.  This has been fixed upstream in version 1.4.21 and in
> git.
> 
> References:
> 
> https://secunia.com/advisories/49261/ 
> http://haproxy.1wt.eu/download/1.4/src/CHANGELOG 
> http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b
> https://bugzilla.redhat.com/show_bug.cgi?id=824542

Please use CVE-2012-2391 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

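
Added example (not part of the original message and not HAProxy project code): a Python check that reads an haproxy.cfg and reports whether both preconditions named in the report are present, a tune.bufsize above the default and a header-rewrite directive. The 16384-byte default, the keyword list and the sample configuration are assumptions made for illustration.

```python
DEFAULT_BUFSIZE = 16384  # assumption: HAProxy's compiled-in default buffer size
# Assumption: regex header-rewrite keywords; the report names two only as examples.
REWRITE_KEYWORDS = {"reqrep", "reqirep", "rsprep", "rspirep"}
SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}

# Constructed sample configuration (not taken from the advisory).
SAMPLE = r"""global
    maxconn 4096
    tune.bufsize 32768   # raised above the default

defaults
    mode http

frontend www
    bind :80
    reqrep ^Host:\ old\.example\.org Host:\ new.example.org
    default_backend app

backend app
    rsprep ^Server:.* Server:\ hidden
    server a1 192.0.2.10:8080
"""


def audit_config(text):
    """Report the two preconditions from the flaw description for one config."""
    section, bufsize, rewrites = None, DEFAULT_BUFSIZE, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        words = line.split()
        key = words[0]
        if key in SECTION_KEYWORDS:
            section = key  # remember which section the next lines belong to
        elif section == "global" and key == "tune.bufsize" and len(words) > 1:
            if words[1].isdigit():
                bufsize = int(words[1])
        elif section != "global" and key in REWRITE_KEYWORDS:
            rewrites.append((lineno, key))  # where header rewriting is enabled
    raised = bufsize > DEFAULT_BUFSIZE
    return {"bufsize": bufsize, "bufsize_raised": raised,
            "rewrites": rewrites, "both_preconditions": raised and bool(rewrites)}


if __name__ == "__main__":
    print(audit_config(SAMPLE))
```

A configuration that reports both_preconditions as true on a build older than the fixed 1.4.21 release is the case the report describes.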