----- Original Message -----
From: "Vladimir Ivaschenko" <hazard@francoudi.com>
To: "Squid Users" <squid-users@squid-cache.org>
Sent: Tuesday, September 18, 2001 6:32 PM
Subject: [squid-users] CRITICAL BUG was Re: [squid-users] squid bug
>
> It seems that my bugreport had stuck, but I think it is security
critical !
Performance yes, security no. The crash is consistently on NULL pointer
access, as opposed to buffer overflow. I haven't had time to track it
further.
The core problem is that the request is getting past the client side
sanity checks, and the ftp state machine doesn't know how to deal with
the resulting condition.
> http://www.squid-cache.org/bugs/show_bug.cgi?id=233
>
> I checked with my upstream ISP and I can crash their SQUID as well. Is
there
> anybody who is going to look after it?
I am. Not tonight, but soon. Of course one of the other developers may
have more immediate spare time and take mercy on you.
Rob
Received on Tue Sep 18 2001 - 07:19:30 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:15 MST