[Bug 1036985] Re: denial of service of too many headers in response

2017-10-28 Thread Bug Watch Updater
Launchpad has imported 7 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=849368.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2012-08-18T21:54:05+00:00 Kurt wrote:


gpernot reports:

Bug 110 - algorithmic complexity denial of service

randomized hashmaps to prevent DOS attacks

Hashmaps are not randomized, so it is possible to forge fake headers that
will always go into the same bucket.
Try 'curl http://78.230.4.96/hashes.asis' via tinyproxy and without it to
convince yourself (~8 MB of headers). I'll remove this URL as soon as the bug is
accepted...

The attached patch should solve this. It's certainly perfectible, though
(autoconf for time() and rand() are missing...).

Even with this patch, it takes ages. Maybe headers should be sanitized before
hitting the buckets...

Created attachment 60
limit number of headers to prevent DoS attacks

External references:
https://banu.com/bugzilla/show_bug.cgi?id=110#c2
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/8


On 2012-08-18T21:55:06+00:00 Kurt wrote:

Created tinyproxy tracking bugs for this issue

Affects: fedora-all [bug 849369]

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/9


On 2012-08-18T21:56:32+00:00 Kurt wrote:

Created tinyproxy tracking bugs for this issue

Affects: epel-all [bug 849370]

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/10


On 2012-08-18T21:56:51+00:00 Kurt wrote:

Created attachment 605402
CVE-2012-3505-tinyproxy-limit-headers.patch

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/11


On 2012-08-18T21:57:11+00:00 Kurt wrote:

Created attachment 605403
CVE-2012-3505-tinyproxy-randomized-hashmaps.patch

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/12


On 2014-12-13T01:10:29+00:00 Michael wrote:

Believe it or not:
Fixes pushed to upstream and will be released soon with Tinyproxy 1.8.4.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/21


On 2016-01-02T00:09:15+00:00 Michael wrote:

Upstream release including fix available at

https://github.com/tinyproxy/tinyproxy/releases/tag/1.8.4

(Note: upstream hosting is currently changing.)

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/23


** Changed in: tinyproxy (Fedora)
   Status: Unknown => Confirmed

** Changed in: tinyproxy (Fedora)
   Importance: Unknown => Low

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1036985

Title:
  denial of service of too many headers in response

To manage notifications about this bug go to:
https://bugs.launchpad.net/tinyproxy/+bug/1036985/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1036985] Re: denial of service of too many headers in response

2016-02-24 Thread Steve Beattie
This was fixed in precise in:

tinyproxy (1.8.3-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: Fix for denial of service vulnerability where remote
    attackers send crafted request headers. (LP: #1154502)
    - debian/patches/001-CVE-2012-3505.patch: Limit the number of headers to
      prevent DoS attacks. Randomize hashmaps in order to avoid fake headers
      getting included in the same bucket, allowing for DoS attacks.
    - CVE-2012-3505

 -- Christian Kuersteiner    Wed, 13 Mar 2013 16:42:14 +0700

Closing the precise task.

** Changed in: tinyproxy (Ubuntu Precise)
   Status: New => Fix Released



[Bug 1036985] Re: denial of service of too many headers in response

2014-12-12 Thread Michael Adam
Fix pushed to upstream and will be released very soon in tinyproxy
1.8.4.



[Bug 1036985] Re: denial of service of too many headers in response

2012-10-04 Thread Bug Watch Updater
Launchpad has imported 3 comments from the remote bug at
https://banu.com/bugzilla/show_bug.cgi?id=110.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2012-08-14T21:54:31+00:00 gpernot wrote:

Created attachment 59
randomized hashmaps to prevent DOS attacks

Hashmaps are not randomized, so it is possible to forge fake headers that
will always go into the same bucket.
Try 'curl http://78.230.4.96/hashes.asis' via tinyproxy and without it to
convince yourself (~8 MB of headers). I'll remove this URL as soon as the bug is
accepted...

The attached patch should solve this. It's certainly perfectible, though
(autoconf for time() and rand() are missing...).

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/0


On 2012-08-14T22:24:55+00:00 gpernot wrote:

Even with this patch, it takes ages. Maybe headers should be sanitized
before hitting the buckets...

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/1


On 2012-08-15T07:24:49+00:00 gpernot wrote:

Created attachment 60
limit number of headers to prevent DoS attacks

Reply at:
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985/comments/2


** Changed in: tinyproxy
   Status: Unknown => Confirmed

** Changed in: tinyproxy
   Importance: Unknown => High

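The collision problem gpernot describes above (the same report Kurt's Red Hat import quotes earlier on this page), as an added example that is not tinyproxy's code: a toy chained hash table in C with a seeded hash, a header cap, and a helper that precomputes header names colliding under a known seed. BUCKETS, MAX_HEADERS, the hash function and the "X-Hdr-N" names are all constructed for this demonstration. With a fixed, public hash every crafted header lands in one chain; with a per-process seed the same names spread out; and the cap bounds the chain length whatever the attacker sends.

```c
#include <stdint.h>
#include <stdio.h>
#define BUCKETS     32   /* small table so collisions are easy to see */
#define MAX_HEADERS 64   /* hard cap, mirrors the "limit headers" patch */

/* Toy seeded hash, not tinyproxy's own: FNV-1a style byte mixing seeded by
 * `seed`, plus a final avalanche so every seed bit influences the bucket. */
static unsigned hash_key(const char *key, uint32_t seed)
{
    uint32_t h = seed ^ 0x811c9dc5u;
    for (; *key; key++)
        h = (h ^ (unsigned char)*key) * 16777619u;
    h ^= h >> 16; h *= 0x85ebca6bu; h ^= h >> 13;
    return h % BUCKETS;
}

/* Chained table reduced to what matters here: the chain length per bucket. */
struct table { uint32_t seed; int count; int chain[BUCKETS]; };
/* Returns 0 on success, -1 once MAX_HEADERS entries are stored. */
static int table_insert(struct table *t, const char *key)
{
    if (t->count >= MAX_HEADERS)
        return -1;               /* the "limit number of headers" fix */
    t->chain[hash_key(key, t->seed)]++;
    t->count++;
    return 0;
}

static int longest_chain(const struct table *t)
{
    int worst = 0;
    for (int i = 0; i < BUCKETS; i++)
        if (t->chain[i] > worst) worst = t->chain[i];
    return worst;
}

/* Builds n header names colliding in bucket 0 under known_seed (feasible when
 * the hash is fixed), inserts them with victim_seed, returns longest chain. */
static int worst_chain_for(uint32_t known_seed, uint32_t victim_seed, int n)
{
    struct table t = { victim_seed, 0, {0} };
    char name[32];
    for (unsigned i = 0, made = 0; made < (unsigned)n; i++) {
        snprintf(name, sizeof name, "X-Hdr-%u", i);
        if (hash_key(name, known_seed) != 0) continue;
        if (table_insert(&t, name) < 0) break;   /* cap reached */
        made++;
    }
    return longest_chain(&t);
}
```

worst_chain_for(0, 0, 40) returns 40 (fixed hash, one chain), worst_chain_for(0, 0x9e3779b9u, 40) returns a short chain (unknown per-process seed), and worst_chain_for(0, 0, 500) stops at MAX_HEADERS.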


[Bug 1036985] Re: denial of service of too many headers in response

2012-10-04 Thread Bug Watch Updater
** Changed in: tinyproxy (Debian)
   Status: Unknown => Fix Released



[Bug 1036985] Re: denial of service of too many headers in response

2012-10-01 Thread Jeremy Bicha
** Also affects: tinyproxy (Ubuntu Precise)
   Importance: Undecided
   Status: New



[Bug 1036985] Re: denial of service of too many headers in response

2012-10-01 Thread Logan Rosen
I have filed a sync request from Debian in Bug 1059887.

** Bug watch added: Banu Bugzilla #110
   https://banu.com/bugzilla/show_bug.cgi?id=110

** Also affects: tinyproxy via
   https://banu.com/bugzilla/show_bug.cgi?id=110
   Importance: Unknown
   Status: Unknown



[Bug 1036985] Re: denial of service of too many headers in response

2012-10-01 Thread Jeremy Bicha
This bug was fixed in the package tinyproxy - 1.8.3-3

---
tinyproxy (1.8.3-3) unstable; urgency=high

  * Add patches for CVE-2012-3505 (closes: #685281):
    - CVE-2012-3505-tinyproxy-limit-headers.patch: Limit the number of
      headers to prevent DoS attacks.
    - CVE-2012-3505-tinyproxy-randomized-hashmaps.patch: Randomize hashmaps
      in order to avoid fake headers getting included in the same bucket,
      allowing for DoS attacks.
    Bug reported and patches contributed by gpernot.

 -- Jordi Mallach jo...@debian.org  Mon, 24 Sep 2012 21:05:41 +0200

** Changed in: tinyproxy (Ubuntu)
   Status: Confirmed => Fix Released



[Bug 1036985] Re: denial of service of too many headers in response

2012-09-29 Thread Salvatore Bonaccorso
** Bug watch added: Debian Bug tracker #685281
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281

** Also affects: tinyproxy (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281
   Importance: Unknown
   Status: Unknown



[Bug 1036985] Re: denial of service of too many headers in response

2012-08-20 Thread Karma Dorje
** Changed in: tinyproxy (Ubuntu)
   Status: Incomplete => Confirmed



[Bug 1036985] Re: denial of service of too many headers in response

2012-08-18 Thread Karma Dorje
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3505

** Bug watch added: Red Hat Bugzilla #849368
   https://bugzilla.redhat.com/show_bug.cgi?id=849368

** Also affects: tinyproxy (Fedora) via
   https://bugzilla.redhat.com/show_bug.cgi?id=849368
   Importance: Unknown
   Status: Unknown



[Bug 1036985] Re: denial of service of too many headers in response

2012-08-17 Thread Jamie Strandboge
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is available, members of the security team will review it and
publish the package. See the following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

** Visibility changed to: Public

** Changed in: tinyproxy (Ubuntu)
   Status: New => Confirmed

** Changed in: tinyproxy (Ubuntu)
   Status: Confirmed => Incomplete



[Bug 1036985] Re: denial of service of too many headers in response

2012-08-17 Thread Jamie Strandboge
I have requested a CVE for this on oss-security:
http://www.openwall.com/lists/oss-security/2012/08/17/3



[Bug 1036985] Re: denial of service of too many headers in response

2012-08-17 Thread Ubuntu Foundation's Bug Bot
The attachment limit number of headers to prevent DoS attacks of this
bug report has been identified as being a patch.  The ubuntu-reviewers
team has been subscribed to the bug report so that they can review the
patch.  In the event that this is in fact not a patch you can resolve
this situation by removing the tag 'patch' from the bug report and
editing the attachment so that it is not flagged as a patch.
Additionally, if you are member of the ubuntu-reviewers team please also
unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by
Brian Murray.  Please contact him regarding any issues with the action
taken in this bug report.]

** Tags added: patch
