lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <513932CF.4090900@treenet.co.nz>
Date: Fri, 08 Mar 2013 13:37:35 +1300
From: Amos Jeffries <amos@...enet.co.nz>
To: bugtraq@...urityfocus.com
CC: tytusromekiatomek@...hmail.com
Subject: Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc

On 6/03/2013 9:53 a.m., tytusromekiatomek@...hmail.com wrote:
> ################################################################
> # DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc #
> ################################################################
> #
> # Authors:
> #
> # 22733db72ab3ed94b5f8a1ffcde850251fe6f466
> # c8e74ebd8392fda4788179f9a02bb49337638e7b
> # AKAT-1
> #
> #######################################
>
> # Versions: 3.2.5, 3.2.7

Thank you very much for reporting this to us upstream and ensuring a 
patch was available before publishing it publicly *cough*.
This has now been fixed.

Would you care to do better on the other ones before someone else has a 
chance to mail your exploit to our bugs@ address and grab all the 
discovery glory?

Amos Jeffries
Squid Project

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ