[Bug 907690] [NEW] CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.

Mahyuddin Susanto saya at udienz.web.id
Thu Dec 22 09:22:06 UTC 2011


Public bug reported:

Description
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher
reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2
before 3.2.0.11 allows remote Gopher servers to cause a denial of service
(memory corruption and daemon restart) or possibly have unspecified other
impact via a long line in a response. NOTE: This issue exists because of a
CVE-2005-0094 regression.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3205
https://bugzilla.redhat.com/show_bug.cgi?id=734583

Patch: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch

** Affects: squid3 (Ubuntu)
     Importance: Undecided
     Assignee: Mahyuddin Susanto (udienz)
         Status: In Progress

** Changed in: squid3 (Ubuntu)
       Status: New => In Progress

** Changed in: squid3 (Ubuntu)
     Assignee: (unassigned) => Mahyuddin Susanto (udienz)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to squid3 in Ubuntu.
https://bugs.launchpad.net/bugs/907690
