Date:  Sat, 12 Dec 2009 01:00:15 -0600
From:  Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject:  CVE request: polipo DoS via overly large "Content-Length" header

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

A vulnerability has been found in polipo that allows a remote attacker to
crash the daemon via an overly large "Content-Length" header.
The vulnerability is caused by connection->reqlen (in client.c:
httpClientDiscardBody()) being a signed integer which can be overflowed,
turning it into a negative value, which later leads to a segmentation fault
in the call to memmove.

References:
http://www.exploit-db.com/exploits/10338
http://bugs.debian.org/560779
http://secunia.com/advisories/37607/

Could a CVE be assigned?

Thanks in advance.

Regards
- -- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAksjP4MACgkQYy49rUbZzlqESQCdG3O9usXILnu4G6NuMmfUcQ2b
uYMAn1Y54+xj89y3cqXrpeQHUirdrr6E
=KUfO
-----END PGP SIGNATURE-----
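
The failure mode described in the message above, shown as an added example that is not part of the original post and is not polipo's code: a declared body length stored in a signed 32-bit field goes negative once it exceeds INT_MAX, next to a checked parse and a guard in front of memmove. All function names, the max_body limit and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Weak pattern: digits accumulated into a 32-bit value that is then treated
   as signed. Unsigned arithmetic plus memcpy keeps the wraparound well defined
   here while showing what a signed 32-bit length field ends up holding. */
int32_t parse_length_unchecked(const char *s)
{
    uint32_t v = 0;
    int32_t out;
    while (*s >= '0' && *s <= '9')
        v = v * 10u + (uint32_t)(*s++ - '0');
    memcpy(&out, &v, sizeof out);
    return out;
}

/* Checked parse: digits only, no overflow, bounded by a configured maximum.
   Returns 0 and stores the length, or -1 if the value must be rejected. */
int parse_length_checked(const char *s, size_t max_body, size_t *out)
{
    char *end;
    unsigned long long v;
    if (*s < '0' || *s > '9')      /* strtoull alone accepts "-1", "+5", " 7" */
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > max_body)
        return -1;
    *out = (size_t)v;
    return 0;
}

/* Second line of defence: validate a signed length before it reaches memmove,
   where a negative value would convert to a huge size_t. */
long discard_front(char *buf, size_t used, long len)
{
    if (len < 0 || (size_t)len > used)
        return -1;
    memmove(buf, buf + len, used - (size_t)len);
    return (long)(used - (size_t)len);
}

int main(void)
{
    printf("unchecked: %d\n", (int)parse_length_unchecked("2147483648"));
    return 0;
}
```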
