Bug 763833 (CVE-2012-2391) - VUL-0: CVE-2012-2391: haproxy: buffer overflow / remote code execution
Status: RESOLVED FIXED
Alias: CVE-2012-2391
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P5 - None : Normal
Target Milestone: ---
Deadline: 2014-05-26
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: maint:running:57123:low
Reported: 2012-05-24 09:33 UTC by Matthias Weckbecker
Modified: 2021-09-16 13:29 UTC

Description Matthias Weckbecker 2012-05-24 09:33:31 UTC
There has recently been an issue reported in haproxy. Due to a boundary error
when copying data into the trash buffer, external attackers could potentially
cause a buffer overflow and execute arbitrary code remotely.
Exploiting this requires header rewriting to be enabled as well as non-default
values for the global.tune.bufsize directive.

Further information is available at Secunia:

  https://secunia.com/advisories/49261/
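
Added example (not part of the bug report and not haproxy code): a Python check that reads a haproxy.cfg and reports whether both preconditions named in the description are present, a non-default `tune.bufsize` in the `global` section together with header rewriting in a proxy section. The function name, the default of 16384 bytes and the list of rewrite keywords are assumptions, and the sample configuration is constructed.

```python
# Assumption: 16384 bytes is HAProxy's stock buffer size; adjust for custom builds.
DEFAULT_BUFSIZE = 16384
# Assumption: 1.4-era keywords that add, replace or delete HTTP headers.
REWRITE_KEYWORDS = {"reqrep", "reqirep", "reqadd", "reqdel", "reqidel",
                    "rsprep", "rspirep", "rspadd", "rspdel", "rspidel"}
SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}

def audit_haproxy_config(text):
    """Return (bufsize, rewrite_hits, both_preconditions_met) for a config text."""
    section, bufsize, hits = None, None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # simplification: drop comments
        if not words:
            continue
        kw = words[0]
        if kw in SECTION_KEYWORDS:
            section = " ".join(words)          # e.g. "frontend www"
        elif section == "global" and kw == "tune.bufsize":
            if len(words) > 1 and words[1].isdigit():
                bufsize = int(words[1])
        elif kw in REWRITE_KEYWORDS and section != "global":
            hits.append((lineno, section, kw))
    nondefault = bufsize is not None and bufsize != DEFAULT_BUFSIZE
    return bufsize, hits, nondefault and bool(hits)

# Constructed sample configuration, not taken from the bug report.
SAMPLE_CFG = r"""global
    maxconn 4096
    tune.bufsize 32768

defaults
    mode http

frontend www
    bind :80
    reqrep ^Host:\ old\.example\.com Host:\ new.example.com
    default_backend app

backend app
    rspadd X-Served-By:\ app1
    server app1 192.0.2.10:8080
"""

if __name__ == "__main__":
    size, found, flagged = audit_haproxy_config(SAMPLE_CFG)
    print(f"tune.bufsize={size} flagged={flagged}")
    for lineno, section, kw in found:
        print(f"  line {lineno}: {kw} in [{section}]")
```

A flagged result only means both stated preconditions are present in the configuration; whether a host is affected still depends on the installed package version.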
Comment 4 Marcus Rückert 2012-05-24 14:34:30 UTC
Package was already updated by Pascal. I just added the CVE/bnc number.

Will update the 1.5 package later.
Comment 5 Matthias Weckbecker 2012-08-20 08:07:17 UTC
Note: The previous CVE (CVE-2012-2391) was rejected b/c of dupe. Please use the
CVE CVE-2012-2942 when referring to this issue.
Comment 6 Swamp Workflow Management 2014-04-26 15:47:30 UTC
The SWAMPID for this issue is 57123.
This issue was rated as low.
Please submit fixed packages until 2014-05-26.
Also create a patchinfo file using this link:
https://swamp.suse.de/webswamp/wf/57123