Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 77521

Summary: www-proxy/squid - NTLM fakeauth_auth memory leak and NULL pointer access
Product: Gentoo Security Reporter: Carsten Lohrke (RETIRED) <carlo>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: andrewbevitt
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Carsten Lohrke (RETIRED) gentoo-dev 2005-01-11 07:28:00 UTC
The NTLM fakeauth_auth helper has a memory leak that may cause it to run out of memory under high load, or if it runs for a very long time. Additionally, a malformed NTLM type 3 message could cause a segmentation violation.
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2005-01-11 13:18:56 UTC
cyfred, pls include the patch in the patchset

Comment 2 Andrew Bevitt 2005-01-11 13:40:02 UTC
Just went into cvs now.
Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2005-01-11 14:18:58 UTC
cyfred, pls bump the ebuild, so people can catch the updated patchset

We should probably use ~arch keywords, so that we can go through arch testing and don't run into problems like it happened before with a different ebuild.
Comment 4 Andrew Bevitt 2005-01-11 23:39:45 UTC
Revision bump done.
Comment 5 Matthias Geerdsen (RETIRED) gentoo-dev 2005-01-12 00:35:58 UTC
jaervosz and /me voted against GLSA publication on this one, if anyone objects pls reopen
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-16 12:31:23 UTC
GLSA 200501-25