Release date:
Updated on:
Affected Systems:
HAProxy 1.4.20
Unaffected Systems:
HAProxy 1.4.21
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53647
HAProxy is a reliable, high-performance TCP/HTTP load balancer.
A boundary error exists in HAProxy 1.4.20 and earlier versions when copying data to the trash buffer. This can be exploited to cause a buffer overflow. Successful exploitation may allow arbitrary code execution, but requires that the global tune.bufsize configuration option is set to a value greater than the default and that headers are rewritten through the reqrep or rsprep directives.
<* Source: vendor
Link: http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b
http://secunia.com/advisories/49261/
*>
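
The preconditions described above can be checked against an existing configuration file. The following Python script is an added example, not part of the advisory or of HAProxy. It assumes the built-in tune.bufsize default of 16384 bytes and treats every '#' as the start of a comment; the function name audit and the sample configuration are constructed for illustration.

```python
import re

DEFAULT_BUFSIZE = 16384  # HAProxy's built-in tune.bufsize default, in bytes
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}
# reqrep/rsprep are named in the advisory; reqirep/rspirep are their
# case-insensitive variants, included here as an assumption.
REWRITES = {"reqrep", "rsprep", "reqirep", "rspirep"}


def audit(config_text, version):
    """Check the advisory's preconditions against one configuration."""
    section, bufsize, rewrites = None, DEFAULT_BUFSIZE, []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # simplification: '#' starts a comment
        if not words:
            continue
        if words[0] in SECTIONS:
            section = " ".join(words[:2])
        elif section == "global" and words[0] == "tune.bufsize" and len(words) > 1:
            bufsize = int(words[1])
        elif words[0] in REWRITES and section != "global":
            rewrites.append((lineno, section, words[0]))
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version)
    old = m is not None and tuple(map(int, m.groups())) <= (1, 4, 20)
    return {
        "affected_version": old,
        "bufsize": bufsize,
        "bufsize_raised": bufsize > DEFAULT_BUFSIZE,
        "rewrites": rewrites,
        "exposed": old and bufsize > DEFAULT_BUFSIZE and bool(rewrites),
    }


# Constructed sample configuration, not taken from the advisory.
SAMPLE = """\
global
    tune.bufsize 32768   # raised above the default
defaults
    mode http
frontend www
    bind :80
    reqrep ^Host:\\ old\\.example\\.org Host:\\ new.example.org
backend app
    rsprep ^Server:.* Server:\\ hidden
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "1.4.20"))
    print(audit(SAMPLE, "1.4.21")["exposed"])
```

A configuration is reported as exposed only when all three conditions hold: an affected version, a raised tune.bufsize, and at least one header rewrite rule.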
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
HAProxy
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://haproxy.1wt.eu/