| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Dec 2007 10:17:25 +0100 From: Martin Huter <m.huter@...on.com> To: bugtraq@...urityfocus.com Subject: squids ICAP implementation lacks a defer check when reading from ICAP server squids ICAP implementation does not check mem-store size before reading from an ICAP-server. If the user does not confirm browsers download-message-box, squid keeps on reading data from the ICAP server into the memory store, whilst no more data can be delivered to the client. Thus the memory store is growing and squid may - in worst case - consume memory up to the size of the users download. details and a patch can be found on http://www.squid-cache.org/bugs/show_bug.cgi?id=2136 -- Martin Huter Unit Manager phion AG Eduard-Bodem-Gasse 1 A-6020 Innsbruck Tel: +43 (0) 508 100 Fax: +43 (0) 508 100 20 Mail: m.huter@...on.com Web: http://www.phion.com phion AG Vorsitzender des Aufsichtsrates: Dr. Karl Lamprecht Vorstand: Dr. Wieland Alge, Mag. Günter Klausner Sitz der Gesellschaft: 6020 Innsbruck, Österreich Handelsgericht Innsbruck Firmenbuch: 184392s UID-Nr:: ATU47509003
Powered by blists - more mailing lists