Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 417079 (CVE-2012-2942) - <net-proxy/haproxy-1.4.21 : Trash Buffer Overflow Vulnerability (CVE-2012-2942)
Summary: <net-proxy/haproxy-1.4.21 : Trash Buffer Overflow Vulnerability (CVE-2012-2942)
Status: RESOLVED FIXED
Alias: CVE-2012-2942
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: https://secunia.com/advisories/49261/
Whiteboard: C1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-05-22 13:19 UTC by Agostino Sarubbo
Modified: 2013-01-09 00:26 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-05-22 13:19:08 UTC
From secunia at $URL:

Description
A vulnerability has been reported in HAProxy, which can be exploited by malicious people to potentially compromise a vulnerable system.

The vulnerability is caused due a boundary error when copying data into the trash buffer and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code, but requires that the global.tune.bufsize configuration option is set to a value greater than the default and that header rewriting is configured e.g. via the reqrep or rsprep directives.

The vulnerability is reported in version 1.4.20. Prior versions may also be affected.


Solution
Update to version 1.4.21.
Comment 1 Christian Ruppert (idl0r) gentoo-dev 2012-05-22 13:51:49 UTC
1.4.21 has just been committed.
Comment 2 Agostino Sarubbo gentoo-dev 2012-05-22 16:59:50 UTC
arches, please test and mark stable:
=net-proxy/haproxy-1.4.21
target KEYWORDS : "amd64 ppc x86"
Comment 3 Johannes Huber (RETIRED) gentoo-dev 2012-05-22 18:19:13 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2012-05-22 19:02:58 UTC
amd64 stable
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2012-06-02 14:05:34 UTC
No problems with it in production btw.
*ping ppc*
Comment 6 Brent Baude (RETIRED) gentoo-dev 2012-06-08 18:05:55 UTC
ppc done
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2012-06-10 15:38:37 UTC
Thanks, folks. GLSA request filed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 19:18:37 UTC
CVE-2012-2942 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2942):
  Buffer overflow in the trash buffer in the header capture functionality in
  HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater
  than the default and header rewriting is enabled, allows remote attackers to
  cause a denial of service and possibly execute arbitrary code via
  unspecified vectors.
Comment 9 Sean Amoss (RETIRED) gentoo-dev Security 2012-06-15 19:21:14 UTC
Duplicate CVE identifiers have been assigned to this issue. Red Hat has requested clarification/rejection from Mitre [1], but there has not been a response as of yet.

[1] http://www.openwall.com/lists/oss-security/2012/05/28/1
Comment 10 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-27 19:49:48 UTC
(In reply to comment #9)
> Duplicate CVE identifiers have been assigned to this issue. Red Hat has
> requested clarification/rejection from Mitre [1], but there has not been a
> response as of yet.
> 
> [1] http://www.openwall.com/lists/oss-security/2012/05/28/1

Vulnerability Summary for CVE-2012-2391
Original release date:08/17/2012
Last revised:08/17/2012
Source: US-CERT/NIST
Overview
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2942. Reason: This candidate is a duplicate of CVE-2012-2942. Notes: All CVE users should reference CVE-2012-2942 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2013-01-09 00:26:52 UTC
This issue was resolved and addressed in
 GLSA 201301-02 at http://security.gentoo.org/glsa/glsa-201301-02.xml
by GLSA coordinator Sean Amoss (ackle).