calculate/gentoo-full-overlay
4
1
Fork 0
Code Issues Pull requests Releases Wiki Activity
gentoo-full-overlay/metadata/glsa/glsa-201409-07.xml

55 lines
2.1 KiB
XML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="201409-07">
<title>c-icap: Denial of Service</title>
<synopsis>A vulnerability in c-icap could result in Denial of Service. </synopsis>
<product type="ebuild">c-icap,DoS</product>
<announced>2014-09-19</announced>
<revised count="1">2014-09-19</revised>
<bug>455324</bug>
<access>remote</access>
<affected>
<package name="net-proxy/c-icap" auto="yes" arch="*">
<unaffected range="ge">0.2.6</unaffected>
<vulnerable range="lt">0.2.6</vulnerable>
</package>
</affected>
<background>
<p>c-icap is an implementation of an ICAP server. It can be used with HTTP
proxies that support the ICAP protocol to implement content adaptation
and filtering services.
</p>
</background>
<description>
<p>c-icap contains a flaw in the parse_request() function of request.c that
may allow a remote denial of service. The issue is triggered when the
buffer fails to contain a or ? symbol, which will cause the
end pointer to increase and surpass allocated memory. With a specially
crafted request (e.g. via the OPTIONS method), a remote attacker can
cause a loss of availability for the program.
</p>
</description>
<impact type="normal">
<p>A remote attacker may cause a Denial of Service condition.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All c-icap users should upgrade to the latest version:</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=net-proxy/c-icap-0.2.6"
</code>
</resolution>
<references>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7401">CVE-2013-7401</uri>
<uri link="https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7402">CVE-2013-7402</uri>
</references>
<metadata tag="requester" timestamp="2014-08-04T19:33:11Z">
keytoaster
</metadata>
<metadata tag="submitter" timestamp="2014-09-19T18:54:16Z">K_F</metadata>
</glsa>
Reference in a new issue View git blame Copy permalink