Summary: | www-proxy/junkbuster: configuration can be changed remotely when using single-threading
---|---
Product: | Gentoo Security
Reporter: | euclid80
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
CC: | net-proxy+disabled, security-audit
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://uregina.ca/~ranson1j/cgi-bin/show_referer.cgi
Whiteboard: | B2? [glsa] jaervosz
Package list: |
Runtime testing required: | ---
Description
euclid80
2005-04-09 19:44:13 UTC
Created attachment 55828
patch for referrer bug
Can auditors have a look?

Confirmed. That's an interesting bug, a malicious site could override your referrer setting and allow it to be sent (if you were to enable single-threaded operation, for some reason).

It gets worse, there's some heap corruption happening in there due to the inconsistent use of the strsav() function that looks exploitable (single-threaded or not). Looks like there are some other errors as well that need correcting.

Is there any reason to use junkbuster rather than privoxy? Maybe we should consider abandoning junkbuster as it looks like upstream is inactive. www-proxy please advise.

Fixed both issues in -r3. I've taken the liberty to keep keywords unchanged and erase the old version. The new patch is Obviously Correct, tested on x86 by me and is definitely arch independent.

Thx Alin. This one is ready for GLSA.

GLSA 200504-11