Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 23 May 2012 11:37:23 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: haproxy trash buffer overflow flaw

Could a CVE be assigned to this flaw please?

A flaw was reported in HAProxy where, due to a boundary error when
copying data into the trash buffer, an external attacker could cause a
buffer overflow.  Exploiting this flaw could lead to the execution of
arbitrary code, however it requires non-default settings for the
global.tune.bufsize configuration option (must be set to a value greater
than the default), and also that header rewriting is enabled (via, for
example, the regrep or rsprep directives).

This flaw is reported against 1.4.20, prior versions may also be
affected.  This has been fixed upstream in version 1.4.21 and in git.

References:

https://secunia.com/advisories/49261/
http://haproxy.1wt.eu/download/1.4/src/CHANGELOG
http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b
https://bugzilla.redhat.com/show_bug.cgi?id=824542

-- 
Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.