Date: Sun, 14 Sep 2014 22:48:49 +0200
From: Kristian Fiskerstrand <kristian.fiskerstrand@...ptuouscapital.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE assignment for c-icap Server

On 09/01/2014 11:30 PM, Kristian Fiskerstrand wrote:
> Hi,
> 
> [0] lists a vulnerability for c-icap Server as:  "contains a flaw
> in the parse_request() function of request.c that may allow a
> remote denial of service. The issue is triggered when the buffer
> fails to contain a ' ' or '?' symbol, which will cause the end
> pointer to increase and surpass allocated memory. With a specially
> crafted request (e.g. via the OPTIONS method), a remote attacker
> can cause a loss of availability for the program." as described in
> [1]. From what I can see this was fixed in [2].
> 
> Has a CVE been assigned to this issue already? If not, I request
> that one is assigned.
> 
> References:
> [0] http://www.osvdb.org/show/osvdb/89304
> [1] http://osvdb.org/ref/89/c-icap.txt
> [2] http://sourceforge.net/p/c-icap/code/1018/
> 
> 

Friendly ping for any feedback on this post.


- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Dura necessitas
Necessity is harsh
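The bug class quoted in the message above (a scan for ' ' or '?' that never checks the end of the buffer), shown beside a bounded form. This is an added example, not part of the original post and not c-icap source code; the function names, the embedded-NUL rule and the sample request lines are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unbounded scan (the pattern the quoted advisory describes): the loop
 * stops only at ' ' or '?', so input containing neither moves `end`
 * past the allocation. Shown for comparison; never called below. */
const char *scan_unbounded(const char *start)
{
    const char *end = start;
    while (*end != ' ' && *end != '?')
        end++;                      /* no limit check */
    return end;
}

/* Bounded scan: `len` is the number of valid bytes at `start`.
 * Returns the first ' ' or '?', or NULL when the buffer holds neither,
 * so the caller rejects the request instead of reading on. */
const char *scan_bounded(const char *start, size_t len)
{
    const char *limit = start + len;
    for (const char *end = start; end < limit; end++) {
        if (*end == ' ' || *end == '?')
            return end;
        if (*end == '\0')           /* assumption: NUL means malformed */
            return NULL;
    }
    return NULL;
}

/* Length of the resource token, or -1 for a malformed request line. */
long resource_length(const char *buf, size_t len)
{
    const char *end = scan_bounded(buf, len);
    return end ? (long)(end - buf) : -1;
}

int main(void)
{
    const char ok[] = "icap://srv/echo ICAP/1.0";   /* constructed sample */
    char raw[16];                                   /* no delimiter, no NUL */
    memset(raw, 'A', sizeof raw);
    printf("well-formed: %ld\n", resource_length(ok, sizeof ok - 1));
    printf("no delimiter: %ld\n", resource_length(raw, sizeof raw));
    return 0;
}
```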
