Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 77521 - www-proxy/squid - NTLM fakeauth_auth memory leak and NULL pointer access
Summary: www-proxy/squid - NTLM fakeauth_auth memory leak and NULL pointer access
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on:
Reported: 2005-01-11 07:28 UTC by Carsten Lohrke (RETIRED)
Modified: 2005-01-16 12:31 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Lohrke (RETIRED) gentoo-dev 2005-01-11 07:28:00 UTC
The NTLM fakeauth_auth helper has a memory leak that may cause it to run out of memory under high load, or if it runs for a very long time. Additionally, a malformed NTLM type 3 message could cause a segmentation violation.
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2005-01-11 13:18:56 UTC
cyfred, pls include the patch in the patchset

Comment 2 Andrew Bevitt 2005-01-11 13:40:02 UTC
Just went into cvs now.
Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2005-01-11 14:18:58 UTC
cyfred, pls bump the ebuild, so people can catch the updated patchset

We should probably use ~arch keywords, so that we can go through arch testing and don't run into problems like it happened before with a different ebuild.
Comment 4 Andrew Bevitt 2005-01-11 23:39:45 UTC
Revision bump done.
Comment 5 Matthias Geerdsen (RETIRED) gentoo-dev 2005-01-12 00:35:58 UTC
jaervosz and /me voted against GLSA publication on this one, if anyone objects pls reopen
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-01-16 12:31:23 UTC
GLSA 200501-25