Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:  Sat, 12 Dec 2009 01:00:15 -0600
From:  Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject:  CVE request: polipo DoS via overly large "Content-Length" header

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

A vulnerability has been found in polipo that allows a remote attacker to
crash the daemon via an overly large "Content-Length" header.
The vulnerability is caused by connection->reqlen (in client.c:
httpClientDiscardBody()) being a signed integer which can be overflowed
turning it into a negative value which later leads to a segmentation fault
in the call to memmove.

References:
http://www.exploit-db.com/exploits/10338
http://bugs.debian.org/560779
http://secunia.com/advisories/37607/

Could a CVE be assigned?

Thanks in advance.

Regards
- -- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksjP4MACgkQYy49rUbZzlqESQCdG3O9usXILnu4G6NuMmfUcQ2b
uYMAn1Y54+xj89y3cqXrpeQHUirdrr6E
=KUfO
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ