Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Tue, 1 Apr 2008 12:13:22 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Tomas Hoger <thoger@...hat.com>
cc: "Steven M. Christey" <coley@...re.org>,
        oss-security <oss-security@...ts.openwall.com>
Subject: Re: CVE id request: squid


Notice the reference to oss-security :)

- Steve


======================================================
Name: CVE-2008-1612
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1612
Reference: MISC:http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
Reference: MLIST:[oss-security] 20080401 CVE id request: squid
Reference: URL:http://www.openwall.com/lists/oss-security/2008/04/01/5
Reference: MLIST:[squid-announce[ 20080322 Advisory Squid-2007:2 updated
Reference: URL:http://marc.info/?l=squid-announce&m=120614453813157&w=2

The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows
attackers to cause a denial of service (process exit) via unknown
vectors that cause an array to shrink to 0 entries, which triggers an
assert error.  NOTE: this issue is due to an incorrect fix for
CVE-2007-6239.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux