Lucene search
Gentoo FoundationGLSA-200903-38HistoryMar 24, 2009 - 12:00 a.m.
Squid: Multiple Denial of Service vulnerabilities
2009-03-2400:00:00
Gentoo Foundation
security.gentoo.org
16
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.951 High
EPSS
Percentile
99.3%
Background
Squid is a full-featured web proxy cache.
Description
- The arrayShrink function in lib/Array.c can cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239 (CVE-2008-1612).
- An invalid version number in a HTTP request may trigger an assertion in HttpMsg.c and HttpStatusLine.c (CVE-2009-0478).
Impact
The issues allows for Denial of Service attacks against the service via an HTTP request with an invalid version number and other specially crafted requests.
Workaround
There is no known workaround at this time.
Resolution
All Squid users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/squid-2.7.6"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-proxy/squid | < 2.7.6 | UNKNOWN |
Related
nessus
nessus
GLSA-200903-38 : Squid: Multiple Denial of Service vulnerabilities
2009-03-25 00:00:00
RHEL 2.1 / 3 / 4 / 5 : squid (RHSA-2008:0214)
2008-04-11 00:00:00
Mandriva Linux Security Advisory : squid (MDVSA-2008:134)
2009-04-23 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200903-38 (Squid)
2009-03-31 00:00:00
Gentoo Security Advisory GLSA 200903-38 (Squid)
2009-03-31 00:00:00
CentOS Update for squid CESA-2008:0214-01 centos2 i386
2009-02-27 00:00:00
osv
osv
squid - array bounds check
2008-10-07 00:00:00
squid - programming error
2008-02-05 00:00:00
oraclelinux
oraclelinux
squid security update
2008-04-09 00:00:00
Moderate: squid security update
2007-12-18 00:00:00
ubuntu
ubuntu
Squid vulnerability
2008-04-14 00:00:00
Squid vulnerability
2008-01-09 00:00:00
Squid vulnerability
2009-02-25 00:00:00
debiancve
debiancve
seebug
seebug
Squid Web代理缓存arrayShrink()函数远程拒绝服务漏洞
2008-04-17 00:00:00
Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service Exploit
2014-07-01 00:00:00
Squid < 3.1 5 HTTP Version Number Parsing Denial of Service Exploit
2009-02-10 00:00:00
debian
debian
[SECURITY] [DSA-1646-1] New squid packages fix array bounds check
2008-10-07 06:12:02
[SECURITY] [DSA 1646-2] New squid packages fix array bounds check
2008-10-11 06:47:39
[SECURITY] [DSA 1646-2] New squid packages fix array bounds check
2008-10-11 06:46:58
securityvulns
securityvulns
[USN-601-1] Squid vulnerability
2008-04-15 00:00:00
squid proxy server DoS
2007-12-12 00:00:00
squid proxy server DoS
2008-04-15 00:00:00
ubuntucve
ubuntucve
prion
prion
Code injection
2008-04-01 17:44:00
Memory corruption
2007-12-04 18:46:00
Design/Logic Flaw
2009-02-08 22:30:00
cve
cve
centos
centos
squid security update
2007-12-18 18:09:00
squid security update
2008-01-13 02:19:55
squid security update
2008-04-10 17:05:05
cert
cert
Squid remote denial-of-service vulnerability
2007-12-10 00:00:00
redhat
redhat
(RHSA-2007:1130) Moderate: squid security update
2007-12-18 00:00:00
(RHSA-2008:0214) Moderate: squid security update
2008-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: squid-2.6.STABLE17-1.fc8
2007-12-15 19:27:04
[SECURITY] Fedora 7 Update: squid-2.6.STABLE16-2.fc7
2007-12-15 19:27:50
[SECURITY] Fedora 8 Update: squid-2.6.STABLE19-1.fc8
2008-04-29 20:53:41
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:19:28
Denial Of Service (DoS)
2020-04-10 00:26:20
freebsd
freebsd
Squid -- Denial of Service Vulnerability
2007-11-28 00:00:00
squid -- remote denial of service vulnerability
2009-02-04 00:00:00
gentoo
gentoo
Squid: Denial of service
2008-01-09 00:00:00
exploitpack
exploitpack
Squid 3.1 5 - HTTP Version Number Parsing Denial of Service
2009-02-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Squid HTTP Version Number Parsing Denial of Service
2009-01-15 00:00:00
Squid HTTP Version Number Parsing Denial of Service (CVE-2009-0478)
2009-02-23 00:00:00
packetstorm
packetstorm
Squid Denial Of Service
2009-02-09 00:00:00
exploitdb
exploitdb
Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service
2009-02-09 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.951 High
EPSS
Percentile
99.3%
Related for GLSA-200903-38