Is there a patch for this?
2. Denial of Service in Squid "clientAbortBody()"
Confirmed products effected- squid-2.5.STABLE6 and earlier
=======Description of Problem=======
The function clientAbortBody can cause a segmentation fault.
if (!conn->body.callback || conn->body.request != request)
return;
buf = conn->body.buf;
This was a problem supposed to be addressed in STABLE5 by changing:
if (!conn->body.callback || conn->body.request != request)
to
if (conn == NULL || !conn->body.callback || conn->body.request !=
request)
The problem still exists and still can crash the program.
Source: rootthief.com
http://www.rootthief.com/?view=advisories/squid
To get community support and perspective on this issue click here:
http://dsb.igxglobal.com/modules.php?name=Forums&file=viewforum&f=177
=============================================
Rex Mueller - Systems and Security Engineer
ESU#3
6949 S 110th Street
LaVista, Nebraska 68128
rmueller at esu3 dot org
=============================================
Received on Tue Sep 14 2004 - 13:33:16 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT