oss-sec mailing list archives
Re: squid DoS in external auth header parser
From: Nico Golde <oss-security+ml () ngolde de>
Date: Tue, 4 Aug 2009 12:13:29 +0200
Hi, * Vincent Danen <vdanen () redhat com> [2009-07-20 19:48]:
I noticed this on Debian's bts [1] and also on upstream's bugzilla [2] but no CVE has been assigned (not sure if one has been requested or not, but I've not seen a request come through here). By the initial looks of things, it seems to be a fairly low severity issue and may not be easy to duplicate/trigger. The reporter didn't really provide much in the way of a reproducer or relevant configs (and the reference to zope auths makes me not even want to touch it). Has anyone taken a look at this or has a CVE been requested for it?
CVE-2009-2622 CVE-2009-2621 Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- squid DoS in external auth header parser Vincent Danen (Jul 20)
- Re: squid DoS in external auth header parser security curmudgeon (Aug 03)
- Re: squid DoS in external auth header parser Nico Golde (Aug 04)
- Re: squid DoS in external auth header parser Vincent Danen (Aug 04)
- Re: squid DoS in external auth header parser Nico Golde (Aug 04)
- Re: squid DoS in external auth header parser Vincent Danen (Aug 04)
- Re: squid DoS in external auth header parser Steven M. Christey (Aug 18)