Date: Tue, 1 Apr 2008 11:17:12 +0200
From: Tomas Hoger <thoger@...hat.com>
To: "Steven M. Christey" <coley@...re.org>
Subject: CVE id request: squid

Hi!

Squid developers recently updated their Squid security advisory
SQUID-2007_2, released a few months back.  It was modified to list another
patch that fixes a problem introduced in the previous patch.

An attacker can cause squid to hit an assert in the child process, causing
it to exit.  This is a temporary DoS, breaking existing connections and
making squid unavailable for a while.  A new child is spawned by the squid
parent process.  Easy to perform if the attacker has control over the
server, but I guess it may be possible in reverse proxy setups as well.

http://marc.info/?l=squid-announce&m=120614453813157&w=2
http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch

-- 
Tomas Hoger / Red Hat Security Response Team
