Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-576-1
HistoryOct 29, 2004 - 12:00 a.m.

squid - multiple

2004-10-2900:00:00
Google
osv.dev
9

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Several security vulnerabilities have been discovered in Squid, the
internet object cache, the popular WWW proxy cache. The Common
Vulnerabilities and Exposures project identifies the following
problems:

  • CVE-1999-0710
    It is possible to bypass access lists and scan arbitrary hosts and
    ports in the network through cachemgr.cgi, which is installed by
    default. This update disables this feature and introduces a
    configuration file (/etc/squid/cachemgr.conf) to control
    this behavior.

  • CAN-2004-0918
    The asn_parse_header function (asn1.c) in the SNMP module for
    Squid allows remote attackers to cause a denial of service via
    certain SNMP packets with negative length fields that causes a
    memory allocation error.

For the stable distribution (woody) these problems have been fixed in
version 2.4.6-2woody4.

For the unstable distribution (sid) these problems have been fixed in
version 2.5.7-1.

We recommend that you upgrade your squid package.

Related

nessus 17
debian 2
openvas 21
altlinux 1
freebsd 2
debiancve 2
cve 2
cvelist 2
fedora 2
gentoo 1
checkpoint_advisories 1
securityvulns 1
redhat 3
ubuntucve 1
ubuntu 1
centos 2
suse 1
nessus
nessus
Debian DSA-576-1 : squid - several vulnerabilities
2004-11-10 00:00:00
FreeBSD : squid -- possible abuse of cachemgr.cgi (a395397c-c7c8-11d9-9e1e-c296ac722cb3)
2005-07-13 00:00:00
Squid cachemgr.cgi Proxied Port Scanning
1999-08-22 00:00:00
debian
debian
[SECURITY] [DSA 576-1] New Squid packages fix several vulnerabilities
2004-10-29 05:41:12
[SECURITY] [DSA 576-1] New Squid packages fix several vulnerabilities
2004-10-29 05:41:12
openvas
openvas
Debian Security Advisory DSA 576-1 (squid)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-576-1)
2008-01-17 00:00:00
RedHat 6.0 cachemgr.cgi
2005-11-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package squid version 2.5.STABLE9-alt3
2005-05-12 00:00:00
freebsd
freebsd
squid -- possible abuse of cachemgr.cgi
1999-07-29 00:00:00
squid -- SNMP module denial-of-service vulnerability
2004-09-29 00:00:00
debiancve
debiancve
CVE-1999-0710
1999-07-25 04:00:00
CVE-2004-0918
2005-01-27 05:00:00
cve
cve
CVE-1999-0710
1999-07-25 04:00:00
CVE-2004-0918
2005-01-27 05:00:00
cvelist
cvelist
CVE-1999-0710
2000-01-04 05:00:00
CVE-2004-0918
2004-10-21 04:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: squid-3.0.STABLE7-1.fc9
2008-07-03 03:16:28
[SECURITY] Fedora 9 Update: squid-3.0.STABLE13-1.fc9
2009-02-12 20:37:22
gentoo
gentoo
Squid: Remote DoS vulnerability
2004-10-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Squid SNMP Parser ASN.1 Header Parsing Denial of Service (CVE-2004-0918)
2009-10-28 00:00:00
securityvulns
securityvulns
[Full-Disclosure] iDEFENSE Security Advisory 10.11.04: Squid Web Proxy Cache Remote Denial of Service Vulnerability
2004-10-12 00:00:00
redhat
redhat
(RHSA-2004:591) squid security update
2004-10-20 00:00:00
(RHSA-2005:489) squid security update
2005-06-13 00:00:00
(RHSA-2005:415) squid security update
2005-06-14 00:00:00
ubuntucve
ubuntucve
CVE-2004-0918
2005-01-27 00:00:00
ubuntu
ubuntu
squid vulnerabilities
2004-11-07 00:00:00
centos
centos
squid security update
2005-06-13 22:49:39
squid security update
2005-06-14 20:28:53
suse
suse
remote system compromise in xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups
2004-10-26 10:45:14

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-576-1
nessus17debian2openvas21altlinux1freebsd2debiancve2cve2cvelist2fedora2gentoo1checkpoint_advisories1securityvulns1redhat3ubuntucve1ubuntu1centos2suse1