Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 22 Sep 2014 02:08:57 -0400 (EDT)
From: cve-assign@...re.org
To: krahmer@...e.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, squid3@...enet.co.nz
Subject: Re: CVE-Request: squid pinger remote DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I made a fix for squid 3.4.6 and request a CVE for
> this issue:
> 
> The pinger code that checks for nodes being alive doesnt
> properly validate ICMP and ICMPv6 replies, in particular
> icmp6 types which are used to index into a string array.
> This could cause crashes when the index is OOB.
> 
> A patch is available here:
> 
> https://bugzilla.novell.com/show_bug.cgi?id=891268
> 
> I also made some cleanups and error checking on the
> receive socket.


> From: Amos Jeffries <squid3@...enet.co.nz>

> What could happen worst-case (#1 or #3 ... flooding the parent
> processes log, slowing the entire service down and/or exhausting log
> disk space, which in turn can crash the parent process. ... The
> best-case being that some HTTP servers are assigned incorrect RTT
> values. Which adversely affects latency based routing logics ...


As far as we can tell, CVE IDs are required for cases #1 and #3:

> 1. "used to index into a string array" possibly corresponds to
> http://cwe.mitre.org/data/definitions/129.html for the modified
> default case after case 136, and approximately two other places in the
> patch

Use CVE-2014-7141.


> 3. added "if (preply.psize) < 0" code apparently corresponds to a more
> general issue with missing data validation

Use CVE-2014-7142.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUH7xuAAoJEKllVAevmvmsBbIH/2N7bDbuvxY/iGH6Jtj65rNK
fIZqVWUiAGvr/ZxtmxM++sikol+7mtspqjyxuu0L5r4Uzz230aCiiKsVGFqNmOOB
4WvW9kL7X7KXBh0Knn/i3eJP930BtdJUY5lOV+pRfkKfAV4ZqoJR2kF3Jfw0UMHi
sabnXcG4Kex+nnQhA7aJliZhAwJI0Ou51H7PCwYi9HOugO3E8sA8xb8cwBSihdzm
XI4qKFVTzx4fm/YUE8XizHah099FBNMJAPXrIQKVuawL7L7zDEeA45x0IDulgZ+w
Rysl8bSDtxkONsGgxcwE5HbOjoOF/8eWttQyyj473ts4Lr5tLduAfJqOqYxZ0gc=
=60QN
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ