Lucene search
Gentoo FoundationGLSA-201209-08HistorySep 24, 2012 - 12:00 a.m.
SquidClamav: Denial of service
2012-09-2400:00:00
Gentoo Foundation
security.gentoo.org
14
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.056
Percentile
93.4%
Background
SquidClamav is a HTTP anti-virus for Squid based on ClamAV and ICAP.
Description
SquidClamav does not properly escape URLs before passing them to the system command call.
Impact
A remote attacker could send a specially crafted URL to SquidClamav, possibly resulting in a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All SquidClamav users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/squidclamav-6.8"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-proxy/squidclamav | < 6.8 | UNKNOWN |
Related
nessus
nessus
FreeBSD : squidclamav -- Denial of Service (8defa0f9-ee8a-11e1-8bd8-0022156e8794)
2012-08-27 00:00:00
SquidClamav Specially Crafted Character Parsing Remote DoS
2012-09-10 00:00:00
GLSA-201209-08 : SquidClamav: Denial of Service
2012-09-25 00:00:00
nvd
nvd
CVE-2012-3501
2012-08-25 10:29:52
cve
cve
CVE-2012-3501
2012-08-25 10:29:52
openvas
openvas
SquidClamav URL Parsing DoS Vulnerability
2012-09-17 00:00:00
FreeBSD Ports: squidclamav
2012-08-30 00:00:00
Gentoo Security Advisory GLSA 201209-08 (squidclamav)
2012-09-26 00:00:00
freebsd
freebsd
squidclamav -- Denial of Service
2012-07-24 00:00:00
prion
prion
Command injection
2012-08-25 10:29:00
ubuntucve
ubuntucve
CVE-2012-3501
2012-08-25 00:00:00
cvelist
cvelist
CVE-2012-3501
2012-08-25 10:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.056
Percentile
93.4%
Related for GLSA-201209-08