Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150714201152.GG19574@hunt>
Date: Tue, 14 Jul 2015 13:11:52 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: Agostino Sarubbo <ago@...too.org>
Cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: siege: off-by-one in load_conf()

On Tue, Jul 14, 2015 at 09:17:04PM +0200, Agostino Sarubbo wrote:
> Description:
> Siege is an http load testing and benchmarking utility.
> 
> During the test of a webserver, I hit a segmentation fault. I recompiled 
> siege with ASan and it clearly show an off-by-one in load_conf(). The issue 
> is reproducible without passing any arguments to the binary.

Does load_conf() process any information from any untrusted sources? Has
Siege processed any data from the network at this point? This sounds like
a regular bug rather than a security boundary, unless I've misunderstood
the application.

Thanks

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.