Date: Mon, 22 Sep 2014 02:08:57 -0400 (EDT) From: cve-assign@...re.org To: krahmer@...e.de Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, squid3@...enet.co.nz Subject: Re: CVE-Request: squid pinger remote DoS -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > I made a fix for squid 3.4.6 and request a CVE for > this issue: > > The pinger code that checks for nodes being alive doesnt > properly validate ICMP and ICMPv6 replies, in particular > icmp6 types which are used to index into a string array. > This could cause crashes when the index is OOB. > > A patch is available here: > > https://bugzilla.novell.com/show_bug.cgi?id=891268 > > I also made some cleanups and error checking on the > receive socket. > From: Amos Jeffries <squid3@...enet.co.nz> > What could happen worst-case (#1 or #3 ... flooding the parent > processes log, slowing the entire service down and/or exhausting log > disk space, which in turn can crash the parent process. ... The > best-case being that some HTTP servers are assigned incorrect RTT > values. Which adversely affects latency based routing logics ... As far as we can tell, CVE IDs are required for cases #1 and #3: > 1. "used to index into a string array" possibly corresponds to > http://cwe.mitre.org/data/definitions/129.html for the modified > default case after case 136, and approximately two other places in the > patch Use CVE-2014-7141. > 3. added "if (preply.psize) < 0" code apparently corresponds to a more > general issue with missing data validation Use CVE-2014-7142. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUH7xuAAoJEKllVAevmvmsBbIH/2N7bDbuvxY/iGH6Jtj65rNK fIZqVWUiAGvr/ZxtmxM++sikol+7mtspqjyxuu0L5r4Uzz230aCiiKsVGFqNmOOB 4WvW9kL7X7KXBh0Knn/i3eJP930BtdJUY5lOV+pRfkKfAV4ZqoJR2kF3Jfw0UMHi sabnXcG4Kex+nnQhA7aJliZhAwJI0Ou51H7PCwYi9HOugO3E8sA8xb8cwBSihdzm XI4qKFVTzx4fm/YUE8XizHah099FBNMJAPXrIQKVuawL7L7zDEeA45x0IDulgZ+w Rysl8bSDtxkONsGgxcwE5HbOjoOF/8eWttQyyj473ts4Lr5tLduAfJqOqYxZ0gc= =60QN -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ