From owner-svn-ports-head@FreeBSD.ORG Wed Jan 29 08:22:56 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CED7E102; Wed, 29 Jan 2014 08:22:56 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id AF3041E35; Wed, 29 Jan 2014 08:22:56 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id s0T8MuMQ037457; Wed, 29 Jan 2014 08:22:56 GMT (envelope-from miwi@svn.freebsd.org) Received: (from miwi@localhost) by svn.freebsd.org (8.14.7/8.14.7/Submit) id s0T8Mu7w037455; Wed, 29 Jan 2014 08:22:56 GMT (envelope-from miwi@svn.freebsd.org) Message-Id: <201401290822.s0T8Mu7w037455@svn.freebsd.org> From: Martin Wilke Date: Wed, 29 Jan 2014 08:22:56 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r341695 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jan 2014 08:22:57 -0000 Author: miwi Date: Wed Jan 29 08:22:56 2014 New Revision: 341695 URL: http://svnweb.freebsd.org/changeset/ports/341695 QAT: https://qat.redports.org/buildarchive/r341695/ Log: - Fix format Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jan 29 08:11:01 2014 (r341694) +++ head/security/vuxml/vuln.xml Wed Jan 29 08:22:56 2014 (r341695) @@ -63,7 +63,12 @@ Note: Please add new entries to the beg

Florian Weimer of the Red Hat Product Security Team reports:

-
Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen for example in scripts that receive data from untrusted sources.
+
Due to a missing check during assembly of the HTTP request line a long + target server name in the PROXY-CONNECT address can cause a stack buffer + overrun. Exploitation requires that the attacker is able to provide the + target server name to the PROXY-CONNECT address in the command line. + This can happen for example in scripts that receive data from untrusted + sources.

@@ -115,7 +120,9 @@ Note: Please add new entries to the beg

The OTRS Project reports:

-
An attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks.
+
An attacker that managed to take over the session of a logged in customer + could create tickets and/or send follow-ups to existing tickets due to + missing challenge token checks.

@@ -269,8 +276,10 @@ Note: Please add new entries to the beg there will be a brief interruption of service and the cache will be emptied, causing more traffic to go to the backend.

We are releasing this advisory because restarting from vcl_error{} is both fairly common and documented.

This is purely a denial of service vulnerability, there is no risk of privilege escalation.

We are releasing this advisory because restarting from vcl_error{} is + both fairly common and documented.

This is purely a denial of service vulnerability, there is no risk of + privilege escalation.

Workaround

Insert this at the top of your VCL file: