Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201110-24
HistoryOct 26, 2011 - 12:00 a.m.

Squid: Multiple vulnerabilities

2011-10-2600:00:00
Gentoo Foundation
security.gentoo.org
18

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.965 High

EPSS

Percentile

99.6%

JSON

Background

Squid is a full-featured web proxy cache.

Description

Multiple vulnerabilities have been discovered in Squid. Please review the CVE identifiers referenced below for details.

Impact

Remote unauthenticated attackers may be able to execute arbitrary code with the privileges of the Squid process or cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All squid users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-proxy/squid-3.1.15"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 4, 2011. It is likely that your system is already no longer affected by this issue.

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-proxy/squid< 3.1.15UNKNOWN

Related

openvas 68
nessus 48
securityvulns 9
debian 5
ubuntu 1
freebsd 4
fedora 3
oraclelinux 3
redhat 3
osv 4
veracode 4
ubuntucve 5
debiancve 6
prion 6
cvelist 7
suse 2
checkpoint_advisories 5
altlinux 1
cve 7
nvd 6
seebug 2
openvas
openvas
Gentoo Security Advisory GLSA 201110-24 (Squid)
2012-02-12 00:00:00
Gentoo Security Advisory GLSA 201110-24 (Squid)
2012-02-12 00:00:00
FreeBSD Ports: squid
2009-07-29 00:00:00
nessus
nessus
GLSA-201110-24 : Squid: Multiple vulnerabilities
2011-10-27 00:00:00
openSUSE Security Update : squid (squid-2144)
2010-03-23 00:00:00
openSUSE Security Update : squid (squid-2144)
2010-03-23 00:00:00
securityvulns
securityvulns
squid proxy DoS
2009-09-23 00:00:00
[ MDVSA-2009:161-1 ] squid
2009-08-10 00:00:00
[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service
2010-02-04 00:00:00
debian
debian
[BSA-031] Security Update for squid3
2011-03-30 15:16:12
[SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service
2010-02-04 08:46:27
[SECURITY] [DSA 1843-2] New squid3 packages fix regression
2009-08-09 16:54:21
ubuntu
ubuntu
Squid vulnerabilities
2010-02-16 00:00:00
freebsd
freebsd
squid -- several remote denial of service vulnerabilities
2009-07-27 00:00:00
squid -- Denial of Service vulnerability in HTCP
2010-02-12 00:00:00
squid -- Denial of Service vulnerability in DNS handling
2010-01-14 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: squid-3.0.STABLE18-1.fc10
2009-08-17 21:59:33
[SECURITY] Fedora 11 Update: squid-3.0.STABLE18-1.fc11
2009-08-17 21:57:02
[SECURITY] Fedora 12 Update: squid-3.1.8-1.fc12
2010-09-15 22:34:52
oraclelinux
oraclelinux
squid security and bug fix update
2010-04-05 00:00:00
squid security update
2011-09-14 00:00:00
squid security and bug fix update
2011-05-28 00:00:00
redhat
redhat
(RHSA-2010:0221) Low: squid security and bug fix update
2010-03-30 00:00:00
(RHSA-2011:1293) Moderate: squid security update
2011-09-14 00:00:00
(RHSA-2011:0545) Low: squid security and bug fix update
2011-05-19 00:00:00
osv
osv
squid squid3 - denial of service
2010-02-04 00:00:00
squid3 - denial of service
2009-07-28 00:00:00
squid3 - regression fix
2009-07-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:05:32
Denial Of Service (DoS)
2020-04-10 00:47:42
Denial Of Service (DoS)
2020-04-10 00:47:43
ubuntucve
ubuntucve
CVE-2010-2951
2010-10-12 00:00:00
CVE-2009-2855
2009-08-18 00:00:00
CVE-2009-2622
2009-07-28 00:00:00
debiancve
debiancve
CVE-2010-2951
2010-10-12 21:00:00
CVE-2009-2622
2009-07-28 17:30:01
CVE-2010-0308
2010-02-03 18:30:00
prion
prion
Design/Logic Flaw
2010-10-12 21:00:00
Design/Logic Flaw
2009-07-28 17:30:00
Design/Logic Flaw
2010-02-03 18:30:00
cvelist
cvelist
CVE-2010-2951
2010-10-12 20:00:00
CVE-2009-2855
2009-08-18 20:41:00
CVE-2010-0308
2010-02-03 18:00:00
suse
suse
Security update for squid3 (important)
2011-09-07 17:08:16
VUL-0: CVE-2011-3205: squid: buffer overflow in Gopher reply parser (important)
2011-09-07 17:08:13
checkpoint_advisories
checkpoint_advisories
Squid Proxy Gopher Response Processing Denial of Service (CVE-2011-3205)
2012-05-14 00:00:00
Squid Proxy Gopher Response Processing Buffer Overflow (CVE-2011-3205)
2011-11-29 00:00:00
Squid Proxy Invalid HTTP Response Status Code Denial of Service (CVE-2009-2621)
2009-08-23 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package squid version 3.1.15-alt1
2011-09-07 00:00:00
cve
cve
CVE-2010-2951
2010-10-12 21:00:01
CVE-2009-2855
2009-08-18 21:00:00
CVE-2009-2622
2009-07-28 17:30:01
nvd
nvd
CVE-2010-2951
2010-10-12 21:00:01
CVE-2009-2855
2009-08-18 21:00:00
CVE-2009-2622
2009-07-28 17:30:01
seebug
seebug
Squid外部认证头解析器拒绝服务漏洞
2009-08-21 00:00:00
Squid Web代理缓存HTCP请求远程拒绝服务漏洞
2010-02-26 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.965 High

EPSS

Percentile

99.6%

JSON
Related for GLSA-201110-24
openvas68nessus48securityvulns9debian5ubuntu1freebsd4fedora3oraclelinux3redhat3osv4veracode4ubuntucve5debiancve6prion6cvelist7suse2checkpoint_advisories5altlinux1cve7nvd6seebug2