Hi, the recent admins.ws security-newsletter states: german original: --8<-- 5. Squid Web Proxy kann durch bösartige User abgeschossen werden Es wurde ein Fehler im Cache-Handling entdeckt, der es Usern ermöglicht, die in Unix-Kreisen verbreitete Squid Proxy abzuschießen. Das nachfolgende Beispiel führt dazu, daß Squid hängenbleibt, und neu gestartet werden muß : nc proxy:3128 PUT ftp://ftpserver/WEB-INF/1/2/1/ HTTP/1.1 Content-type: application/octet-stream Content-length: 0 Pragma: no-cache Betroffen sind alle Versionen einschließlich der aktuellen Version 2.4 Es wird somit dringend empfohlen, den folgenden Patch herunterzuladen und zu installieren: http://www.squid-cache.org/bugs/showattachment.cgi?attach_id=38 --8<-- translated (logically): --8<-- 5. Squid web proxy can be crashed by mischievous users A bug in the cache-handling was discovered, which makes it possible for users to crash the commonly used squid web proxy. The example given herafter results in squid hanging and needing a restart: nc proxy:3128 PUT ftp://ftpserver/WEB-INF/1/2/1/ HTTP/1.1 Content-type: application/octet-stream Content-length: 0 Pragma: no-cache All versions including 2.4 are affected. You are strongly encouraged to get and install the following patch: http://www.squid-cache.org/bugs/showattachment.cgi?attach_id=38 --8<-- SuSE-ppl: when may we reckon on an update? Thank you. -- Mit freundlichen Gruessen / Yours sincerely Wolfram Schlich * E-Mail: wolfram@schlich.org * ICQ: UIN 35713642 Postal: Berghof, D-56626 Andernach-Kell * Phone: +49-(0)2636-941194
i have a feeling this thread might actually be useful,
but it appears not be in English, and my German is,
well.. i have none... i would appreciate any
conversations.. and i'd think others would agree...
AKNIT
--- Wolfram Schlich
the recent admins.ws security-newsletter states:
german original: --8<-- 5. Squid Web Proxy kann durch bösartige User abgeschossen werden
Es wurde ein Fehler im Cache-Handling entdeckt, der es Usern ermöglicht, die in Unix-Kreisen verbreitete Squid Proxy abzuschießen.
Das nachfolgende Beispiel führt dazu, daß Squid hängenbleibt, und neu gestartet werden muß :
nc proxy:3128 PUT ftp://ftpserver/WEB-INF/1/2/1/ HTTP/1.1 Content-type: application/octet-stream Content-length: 0 Pragma: no-cache
Betroffen sind alle Versionen einschließlich der aktuellen Version 2.4
Es wird somit dringend empfohlen, den folgenden Patch herunterzuladen und zu installieren:
http://www.squid-cache.org/bugs/showattachment.cgi?attach_id=38
--8<--
translated (logically): --8<-- 5. Squid web proxy can be crashed by mischievous users
A bug in the cache-handling was discovered, which makes it possible for users to crash the commonly used squid web proxy.
The example given herafter results in squid hanging and needing a restart:
nc proxy:3128 PUT ftp://ftpserver/WEB-INF/1/2/1/ HTTP/1.1 Content-type: application/octet-stream Content-length: 0 Pragma: no-cache
All versions including 2.4 are affected.
You are strongly encouraged to get and install the following patch:
http://www.squid-cache.org/bugs/showattachment.cgi?attach_id=38
--8<--
SuSE-ppl: when may we reckon on an update? Thank you. -- Mit freundlichen Gruessen / Yours sincerely
Wolfram Schlich * E-Mail: wolfram@schlich.org * ICQ: UIN 35713642 Postal: Berghof, D-56626 Andernach-Kell * Phone: +49-(0)2636-941194
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
____________________________________________________________ Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie
Le Mercredi 26 Septembre 2001 19:57, Mark Tinka a écrit :
i have a feeling this thread might actually be useful, but it appears not be in English, and my German is,
read on, the translation follows the original text jdd -- http://www.dodin.net mailto:jdanield@dodin.net WHO'S THAT GUY ? Help me found it Russia & South america help needed http://www.dodin.net/serge/index.html
On Wed, Sep 26, 2001 at 06:57:13PM +0100, Mark Tinka wrote:
i have a feeling this thread might actually be useful, but it appears not be in English, and my German is,
I translated the german text into english. Please have a closer look at the mail. ;-)
well.. i have none... i would appreciate any conversations.. and i'd think others would agree...
AKNIT
[...] The SuSE Security team recently replied to my mail. They are working on a solution regarding the problem. I think they'll keep us informed ;-) -- Mit freundlichen Gruessen / Yours sincerely Wolfram Schlich * E-Mail: wolfram@schlich.org * ICQ: UIN 35713642 Postal: Berghof, D-56626 Andernach-Kell * Phone: +49-(0)2636-941194
participants (3)
-
jdd
-
Mark Tinka
-
Wolfram Schlich