Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Sep 2014 09:16:35 +0200
From: Sebastian Krahmer <krahmer@...e.de>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE-Request: squid pinger remote DoS

On Tue, Sep 16, 2014 at 02:56:30AM -0400, cve-assign@...re.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> > I made a fix for squid 3.4.6 and request a CVE
> 
> > https://bugzilla.novell.com/show_bug.cgi?id=891268
> 
> Regardless of the "what happens to squid itself" answer, is it known
> that the crash has a security impact? This message seemed to conclude

Well, in any case whether its restarted or not, it should be fixed.
For me its a remote DoS, its your decision if it qualifies for a CVE.
The indexing bug is the "real issue" whereas the others IMHO qualify
as hardening and only produce junk-packets or fake logs if exploited.

Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ