[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: haproxy trash buffer overflow flaw
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-05-23 18:08:34
Message-ID: 4FBD27A2.2010108 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/23/2012 11:37 AM, Vincent Danen wrote:
> Could a CVE be assigned to this flaw please?
>
> A flaw was reported in HAProxy where, due to a boundary error when
> copying data into the trash buffer, an external attacker could
> cause a buffer overflow. Exploiting this flaw could lead to the
> execution of arbitrary code, however it requires non-default
> settings for the global.tune.bufsize configuration option (must be
> set to a value greater than the default), and also that header
> rewriting is enabled (via, for example, the regrep or rsprep
> directives).
>
> This flaw is reported against 1.4.20, prior versions may also be
> affected. This has been fixed upstream in version 1.4.21 and in
> git.
>
> References:
>
> https://secunia.com/advisories/49261/
> http://haproxy.1wt.eu/download/1.4/src/CHANGELOG
> http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b
>
> https://bugzilla.redhat.com/show_bug.cgi?id=824542
Please use CVE-2012-2391 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJPvSeiAAoJEBYNRVNeJnmTFTwP/0gQi4YSBbmGuUlRsrn3bl1b
VQV1kO0Ipk2vq2fsG7FEhwnobS8KWlYRHU8UGfgbCjPjAKRwkE0y5m59GeauND+e
PMKYMLGuvEKY42kxgS6A3FsfAnWO6dyNtxTkCM/HnCmKuXoOpQAcx6cj26UlECvf
Lu+3GOcYwyZJqevgW7dI2YUtNxvwYuQOUtOd0ha/XW0MXmvRhlRdu/+9C1ait1wG
VIcbrlU0oGGmJR/0nG5S6ajrjf0vPHcNlDOL/fNLZqrkf//Pjvm9ozGKwyRHDSnj
JplRrchBSBBGyP383vOYF5/7RL0ZL6r+XfJrs7fUGXuVcNmA5GpQNVV03DuzFs0e
FNWqUROjcCWGJJHsB3Ks2WNmLfoj5OM7Pf/1rTteCCgI3qZ/hEXHc8pK2W/Hd4pu
hifcx53J9UEZ8HqpKhjAxNGhpuJ7ZReXaF4diKFMue2fZIFCJMtOmB1Epr2WHi1A
ym1n+nTz+lrMhbFBJiHdgx/KhPlxOxAWD9X34ENLR+emViSO4KwOpgmP0SnbiyNR
MW4HjInUfb2UclBhDqJclPm+2D5xLMH23VIOMk8g7cvPheVJ+Qu7P2hmTuKaAs/Y
pGkV/Cc7jiXaMmfFocYnhjhZtNO9pU8V4aq3/xxgUG32Rm8cUmEyyb4CieYIOcEI
nbTapWRRQHCDY93/3fD8
=2CdO
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic