Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 2 Feb 2017 00:56:33 -0500
From: <cve-assign@...re.org>
To: <pierre.kim.sec@...il.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: CVE requests: OpenBSD httpd - 2 DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> DoS: Memory exhaustion by sending crafted HTTP requests with Bytes-range.
> http://marc.info/?l=openbsd-cvs&m=148587359420912&w=2
> https://github.com/openbsd/src/commit/142cfc82b932bc211218fbd7bdda8c7ce83f19df

Use CVE-2017-5850.


> DoS: CPU exhaustion with SSL client-initiated renegotiation,

Is this a public vulnerability? It does not have any obvious match with the
latest https://github.com/openbsd/src/commits/master/usr.sbin/httpd commits.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYksb8AAoJEHb/MwWLVhi2SNEQAJJI0g5obeSlVRVpbEFOv9N9
6DONiCVXnQrM+yvLCS5lxbM3i8Sipzi4IMgm9nWP4rRZ2KyrxnxQChxgc3Ogc7wE
NvvDadF5OkRv/VFooEroINkx9pO9PelvsC4k+57b/q/mxCi1CT9N6PWbt/K9WmKJ
KJap6hYzbCpcCsiLl7oqyYC/xzlYWBLkt/41Amsg5SjM2CfZlm8dPJElMuO++LF9
XYm0+GxbpvoQtApOwvqcTGI57Ip/oi4LFjpzq8tcJI88HTx6cmij232D3zPPNeFg
R1MsrsiFvjwoh6ltz/VNhEMj1Mtd9ZKcRZjmr2fEsJiX8H659qkI/bwvEdQiLyOB
xtF2Vlzhpfp7h2ubySdh7JMGQ80xy35s08Rn5NPCLqPVy3n7QcV3yISkL7LJBI+W
ya1nR4w7y8tZk2q2QCEXYuTL8g1uXy7sPEPYIwKCkDG6MwV4NM993m0UH2cBD9em
ghWSD9JciaJfmxvPD5WPnVSId62q7DeOQKeci9rR+3J7COitx1qR6RX8v2fM7goz
NAN1F7eTxk37hmfQnVhmxc4L6x1xFP4UQzBu9AdlWHf0fWECzJwI9wANHn80Xmkz
iPu9UUwyrp6bkElEmF4Ap0u4uw1Ib7Q/4PsvhMMz2vQi4+7ZsNKiaThuF8Z9na8Q
ETptVJ36GBgs7OP35yG3
=WYRf
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.