{"id": "RHSA-2007:1130", "hash": "c44f0cff7351ccd30afeb4e6b47d7347", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2007:1130) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for Web clients,\r\nsupporting FTP, gopher, and HTTP data objects.\r\n\r\nA flaw was found in the way squid stored HTTP headers for cached objects\r\nin system memory. An attacker could cause squid to use additional memory,\r\nand trigger high CPU usage when processing requests for certain cached\r\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\r\n\r\nUsers of squid are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.", "published": "2007-12-18T05:00:00", "modified": "2019-03-22T23:42:48", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://access.redhat.com/errata/RHSA-2007:1130", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2007-6239"], "lastseen": "2019-05-29T14:33:35", "history": [{"bulletin": {"id": "RHSA-2007:1130", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2007:1130) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for Web clients,\nsupporting FTP, gopher, and HTTP data objects.\n\nA flaw was found in the way squid stored HTTP headers for cached objects\nin system memory. An attacker could cause squid to use additional memory,\nand trigger high CPU usage when processing requests for certain cached\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\n\nUsers of squid are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue.", "published": "2007-12-18T05:00:00", "modified": "2017-06-05T09:59:08", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1130", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2007-6239"], "lastseen": "2017-06-05T07:49:17", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "squid", "OSVersion": "4", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "operator": "lt"}, {"packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ppc.rpm", "OS": "RedHat", "arch": "ppc", "packageName": "squid", "OSVersion": "5", "packageVersion": "2.6.STABLE6-5.el5_1.2", "operator": "lt"}, {"packageFilename": "squid-2.5.STABLE3-8.3E.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "squid", "OSVersion": "any", "packageVersion": "2.5.STABLE3-8.3E", "operator": "lt"}, {"packageFilename": "squid-2.5.STABLE3-8.3E.s390.rpm", "OS": "RedHat", "arch": "s390", "packageName": "squid", "OSVersion": "any", "packageVersion": "2.5.STABLE3-8.3E", "operator": "lt"}, {"packageFilename": "squid-2.5.STABLE3-8.3E.ppc.rpm", "OS": "RedHat", "arch": "ppc", "packageName": "squid", "OSVersion": "any", "packageVersion": "2.5.STABLE3-8.3E", "operator": "lt"}, {"packageFilename": "squid-2.4.STABLE7-1.21as.11.i386.rpm", "OS": "RedHat", "arch": "i386", "packageName": "squid", "OSVersion": "any", "packageVersion": "2.4.STABLE7-1.21as.11", "operator": "lt"}, {"packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm", "OS": "RedHat", "arch": "i386", "packageName": "squid", "OSVersion": "4", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "operator": "lt"}, {"packageFilename": "squid-2.6.STABLE6-5.el5_1.2.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "squid", "OSVersion": "5", "packageVersion": "2.6.STABLE6-5.el5_1.2", "operator": "lt"}, {"packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ia64.rpm", "OS": "RedHat", "arch": "ia64", "packageName": "squid", "OSVersion": "5", "packageVersion": "2.6.STABLE6-5.el5_1.2", "operator": "lt"}, {"packageFilename": "squid-2.4.STABLE7-1.21as.11.ia64.rpm", "OS": "RedHat", "arch": "ia64", "packageName": "squid", "OSVersion": "any", "packageVersion": "2.4.STABLE7-1.21as.11", "operator": "lt"}, {"packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm", "OS": "RedHat", "arch": "ia64", "packageName": "squid", "OSVersion": "4", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "operator": "lt"}, {"packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ppc.rpm", "OS": "RedHat", "arch": "ppc", "packageName": "squid", "OSVersion": "4", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "operator": "lt"}, {"packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "squid", "OSVersion": "4", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "operator": "lt"}, {"packageFilename": "squid-2.5.STABLE3-8.3E.i386.rpm", "OS": "RedHat", "arch": "i386", "packageName": "squid", "OSVersion": "any", "packageVersion": "2.5.STABLE3-8.3E", "operator": "lt"}, {"packageFilename": "squid-2.5.STABLE3-8.3E.ia64.rpm", "OS": "RedHat", "arch": "ia64", "packageName": "squid", "OSVersion": "any", "packageVersion": "2.5.STABLE3-8.3E", "operator": "lt"}, {"packageFilename": "squid-2.6.STABLE6-5.el5_1.2.i386.rpm", "OS": "RedHat", "arch": "i386", "packageName": "squid", "OSVersion": "5", "packageVersion": "2.6.STABLE6-5.el5_1.2", "operator": "lt"}, {"packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "squid", "OSVersion": "4", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "operator": "lt"}, {"packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm", "OS": "RedHat", "arch": "x86_64", "packageName": "squid", "OSVersion": "4", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "operator": "lt"}, {"packageFilename": "squid-2.6.STABLE6-5.el5_1.2.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "squid", "OSVersion": "5", "packageVersion": "2.6.STABLE6-5.el5_1.2", "operator": "lt"}, {"packageFilename": "squid-2.5.STABLE3-8.3E.s390x.rpm", "OS": "RedHat", "arch": "s390x", "packageName": "squid", "OSVersion": "any", "packageVersion": "2.5.STABLE3-8.3E", "operator": "lt"}, {"packageFilename": "squid-2.6.STABLE6-5.el5_1.2.src.rpm", "OS": "RedHat", "arch": "src", "packageName": "squid", "OSVersion": "5", "packageVersion": "2.6.STABLE6-5.el5_1.2", "operator": "lt"}]}, "lastseen": "2017-06-05T07:49:17", "differentElements": ["affectedPackage", "description", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2007:1130", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2007:1130) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for Web clients,\r\nsupporting FTP, gopher, and HTTP data objects.\r\n\r\nA flaw was found in the way squid stored HTTP headers for cached objects\r\nin system memory. An attacker could cause squid to use additional memory,\r\nand trigger high CPU usage when processing requests for certain cached\r\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\r\n\r\nUsers of squid are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.", "published": "2007-12-18T05:00:00", "modified": "2017-07-28T19:23:42", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1130", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2007-6239"], "lastseen": "2017-08-02T20:57:52", "history": [], "viewCount": 1, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}]}, "lastseen": "2017-08-02T20:57:52", "differentElements": ["affectedPackage", "modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2007:1130", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2007:1130) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for Web clients,\r\nsupporting FTP, gopher, and HTTP data objects.\r\n\r\nA flaw was found in the way squid stored HTTP headers for cached objects\r\nin system memory. An attacker could cause squid to use additional memory,\r\nand trigger high CPU usage when processing requests for certain cached\r\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\r\n\r\nUsers of squid are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.", "published": "2007-12-18T05:00:00", "modified": "2017-09-08T11:52:37", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1130", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2007-6239"], "lastseen": "2017-09-09T07:20:35", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 5.8, "modified": "2017-09-09T07:20:35"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.4.STABLE7-1.21as.11", "packageName": "squid", "packageFilename": "squid-2.4.STABLE7-1.21as.11.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.4.STABLE7-1.21as.11", "packageName": "squid", "packageFilename": "squid-2.4.STABLE7-1.21as.11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.src.rpm", "arch": "src", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}]}, "lastseen": "2017-09-09T07:20:35", "differentElements": ["affectedPackage", "modified"], "edition": 3}, {"bulletin": {"id": "RHSA-2007:1130", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2007:1130) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for Web clients,\r\nsupporting FTP, gopher, and HTTP data objects.\r\n\r\nA flaw was found in the way squid stored HTTP headers for cached objects\r\nin system memory. An attacker could cause squid to use additional memory,\r\nand trigger high CPU usage when processing requests for certain cached\r\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\r\n\r\nUsers of squid are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.", "published": "2007-12-18T05:00:00", "modified": "2018-01-24T21:59:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1130", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2007-6239"], "lastseen": "2018-01-24T19:05:31", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 5.8, "modified": "2018-01-24T19:05:31"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.4.STABLE7-1.21as.11", "packageName": "squid", "packageFilename": "squid-2.4.STABLE7-1.21as.11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.4.STABLE7-1.21as.11", "packageName": "squid", "packageFilename": "squid-2.4.STABLE7-1.21as.11.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2018-01-24T19:05:31", "differentElements": ["modified"], "edition": 4}, {"bulletin": {"id": "RHSA-2007:1130", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2007:1130) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for Web clients,\r\nsupporting FTP, gopher, and HTTP data objects.\r\n\r\nA flaw was found in the way squid stored HTTP headers for cached objects\r\nin system memory. An attacker could cause squid to use additional memory,\r\nand trigger high CPU usage when processing requests for certain cached\r\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\r\n\r\nUsers of squid are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.", "published": "2007-12-18T05:00:00", "modified": "2018-02-18T04:19:14", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1130", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2007-6239"], "lastseen": "2018-02-17T23:38:34", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 5.8, "modified": "2018-02-17T23:38:34"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.4.STABLE7-1.21as.11", "packageName": "squid", "packageFilename": "squid-2.4.STABLE7-1.21as.11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.4.STABLE7-1.21as.11", "packageName": "squid", "packageFilename": "squid-2.4.STABLE7-1.21as.11.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2018-02-17T23:38:34", "differentElements": ["modified"], "edition": 5}, {"bulletin": {"id": "RHSA-2007:1130", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2007:1130) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for Web clients,\r\nsupporting FTP, gopher, and HTTP data objects.\r\n\r\nA flaw was found in the way squid stored HTTP headers for cached objects\r\nin system memory. An attacker could cause squid to use additional memory,\r\nand trigger high CPU usage when processing requests for certain cached\r\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\r\n\r\nUsers of squid are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.", "published": "2007-12-18T05:00:00", "modified": "2018-02-18T04:35:27", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1130", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2007-6239"], "lastseen": "2018-02-18T17:10:58", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 5.8, "modified": "2018-02-18T17:10:58"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.4.STABLE7-1.21as.11", "packageName": "squid", "packageFilename": "squid-2.4.STABLE7-1.21as.11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.4.STABLE7-1.21as.11", "packageName": "squid", "packageFilename": "squid-2.4.STABLE7-1.21as.11.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2018-02-18T17:10:58", "differentElements": ["modified"], "edition": 6}, {"bulletin": {"id": "RHSA-2007:1130", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2007:1130) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for Web clients,\r\nsupporting FTP, gopher, and HTTP data objects.\r\n\r\nA flaw was found in the way squid stored HTTP headers for cached objects\r\nin system memory. An attacker could cause squid to use additional memory,\r\nand trigger high CPU usage when processing requests for certain cached\r\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\r\n\r\nUsers of squid are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.", "published": "2007-12-18T05:00:00", "modified": "2018-03-14T19:26:23", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1130", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2007-6239"], "lastseen": "2018-03-14T15:43:39", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.4.STABLE7-1.21as.11", "packageName": "squid", "packageFilename": "squid-2.4.STABLE7-1.21as.11.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.s390.rpm", "arch": "s390", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageName": "squid", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "4", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.s390x.rpm", "arch": "s390x", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.ppc.rpm", "arch": "ppc", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.6.STABLE6-5.el5_1.2", "packageName": "squid", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "2.5.STABLE3-8.3E", "packageName": "squid", "packageFilename": "squid-2.5.STABLE3-8.3E.x86_64.rpm", "arch": "x86_64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}, {"packageVersion": "2.4.STABLE7-1.21as.11", "packageName": "squid", "packageFilename": "squid-2.4.STABLE7-1.21as.11.ia64.rpm", "arch": "ia64", "operator": "lt", "OSVersion": "any", "OS": "RedHat"}]}, "lastseen": "2018-03-14T15:43:39", "differentElements": ["modified"], "edition": 7}, {"bulletin": {"id": "RHSA-2007:1130", "hash": "135f41804574c330e99c97bbd6035df2", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2007:1130) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for Web clients,\r\nsupporting FTP, gopher, and HTTP data objects.\r\n\r\nA flaw was found in the way squid stored HTTP headers for cached objects\r\nin system memory. An attacker could cause squid to use additional memory,\r\nand trigger high CPU usage when processing requests for certain cached\r\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\r\n\r\nUsers of squid are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.", "published": "2007-12-18T05:00:00", "modified": "2018-05-11T23:27:09", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1130", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2007-6239"], "lastseen": "2018-05-11T21:13:43", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "squid", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i386", "packageName": "squid", "packageVersion": "2.4.STABLE7-1.21as.11", "packageFilename": "squid-2.4.STABLE7-1.21as.11.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390", "packageName": "squid", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ppc", "packageName": "squid", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "s390x", "packageName": "squid", "packageVersion": "2.6.STABLE6-5.el5_1.2", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "s390", "packageName": "squid", "packageVersion": "2.5.STABLE3-8.3E", "packageFilename": "squid-2.5.STABLE3-8.3E.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "x86_64", "packageName": "squid", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "ia64", "packageName": "squid", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "arch": "s390x", "packageName": "squid", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ppc", "packageName": "squid", "packageVersion": "2.6.STABLE6-5.el5_1.2", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "s390x", "packageName": "squid", "packageVersion": "2.5.STABLE3-8.3E", "packageFilename": "squid-2.5.STABLE3-8.3E.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "x86_64", "packageName": "squid", "packageVersion": "2.6.STABLE6-5.el5_1.2", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "ia64", "packageName": "squid", "packageVersion": "2.6.STABLE6-5.el5_1.2", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "squid", "packageVersion": "2.5.STABLE3-8.3E", "packageFilename": "squid-2.5.STABLE3-8.3E.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "i386", "packageName": "squid", "packageVersion": "2.5.STABLE3-8.3E", "packageFilename": "squid-2.5.STABLE3-8.3E.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ppc", "packageName": "squid", "packageVersion": "2.5.STABLE3-8.3E", "packageFilename": "squid-2.5.STABLE3-8.3E.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "squid", "packageVersion": "2.6.STABLE6-5.el5_1.2", "packageFilename": "squid-2.6.STABLE6-5.el5_1.2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "x86_64", "packageName": "squid", "packageVersion": "2.5.STABLE3-8.3E", "packageFilename": "squid-2.5.STABLE3-8.3E.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "arch": "ia64", "packageName": "squid", "packageVersion": "2.4.STABLE7-1.21as.11", "packageFilename": "squid-2.4.STABLE7-1.21as.11.ia64.rpm", "operator": "lt"}]}, "lastseen": "2018-05-11T21:13:43", "differentElements": ["affectedPackage"], "edition": 8}, {"bulletin": {"id": "RHSA-2007:1130", "hash": "bd452569584b8268b5ae2d5a583a6d79", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2007:1130) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for Web clients,\r\nsupporting FTP, gopher, and HTTP data objects.\r\n\r\nA flaw was found in the way squid stored HTTP headers for cached objects\r\nin system memory. An attacker could cause squid to use additional memory,\r\nand trigger high CPU usage when processing requests for certain cached\r\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\r\n\r\nUsers of squid are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.", "published": "2007-12-18T05:00:00", "modified": "2018-05-11T23:27:09", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1130", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2007-6239"], "lastseen": "2018-12-11T17:43:46", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-6239"]}, {"type": "osvdb", "idList": ["OSVDB:39381"]}, {"type": "openvas", "idList": ["OPENVAS:880325", "OPENVAS:861294", "OPENVAS:1361412562310880325", "OPENVAS:1361412562310870196", "OPENVAS:1361412562310880318", "OPENVAS:60140", "OPENVAS:1361412562310880323", "OPENVAS:880318", "OPENVAS:136141256231065970", "OPENVAS:1361412562310122624"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1482-1:AAA88", "DEBIAN:DSA-1646-2:980C8", "DEBIAN:DSA-1646-1:A9FB0"]}, {"type": "nessus", "idList": ["SL_20071218_SQUID_ON_SL5_X.NASL", "GENTOO_GLSA-200801-05.NASL", "ORACLELINUX_ELSA-2007-1130.NASL", "REDHAT-RHSA-2007-1130.NASL", "DEBIAN_DSA-1482.NASL", "FEDORA_2007-4161.NASL", "SUSE_SQUID-4782.NASL", "FREEBSD_PKG_6EB580D7A29C11DC8919001C2514716C.NASL", "FEDORA_2007-4170.NASL", "SUSE_SQUID-4779.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-1130", "ELSA-2008-0214"]}, {"type": "gentoo", "idList": ["GLSA-200801-05", "GLSA-200903-38"]}, {"type": "ubuntu", "idList": ["USN-565-1", "USN-601-1"]}, {"type": "cert", "idList": ["VU:232881"]}, {"type": "centos", "idList": ["CESA-2007:1130-04", "CESA-2007:1130"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8419", "SECURITYVULNS:DOC:19644"]}, {"type": "freebsd", "idList": ["6EB580D7-A29C-11DC-8919-001C2514716C"]}, {"type": "seebug", "idList": ["SSV:3184"]}], "modified": "2018-12-11T17:43:46"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "squid", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm", "operator": "lt"}]}, "lastseen": "2018-12-11T17:43:46", "differentElements": ["modified"], "edition": 9}, {"bulletin": {"id": "RHSA-2007:1130", "hash": "3797018ba1635d6199394199ecd3da0d", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2007:1130) Moderate: squid security update", "description": "Squid is a high-performance proxy caching server for Web clients,\r\nsupporting FTP, gopher, and HTTP data objects.\r\n\r\nA flaw was found in the way squid stored HTTP headers for cached objects\r\nin system memory. An attacker could cause squid to use additional memory,\r\nand trigger high CPU usage when processing requests for certain cached\r\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\r\n\r\nUsers of squid are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.", "published": "2007-12-18T05:00:00", "modified": "2019-03-22T23:42:48", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1130", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2007-6239"], "lastseen": "2019-03-22T21:13:54", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-6239"]}, {"type": "osvdb", "idList": ["OSVDB:39381"]}, {"type": "openvas", "idList": ["OPENVAS:880325", "OPENVAS:861294", "OPENVAS:1361412562310880325", "OPENVAS:1361412562310870196", "OPENVAS:136141256231065970", "OPENVAS:60140", "OPENVAS:880318", "OPENVAS:1361412562310880318", "OPENVAS:1361412562310880323", "OPENVAS:1361412562310880146"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-1130", "ELSA-2008-0214"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1482-1:AAA88", "DEBIAN:DSA-1646-2:980C8", "DEBIAN:DSA-1646-1:A9FB0"]}, {"type": "nessus", "idList": ["SL_20071218_SQUID_ON_SL5_X.NASL", "GENTOO_GLSA-200801-05.NASL", "SUSE_SQUID-4779.NASL", "SUSE9_12004.NASL", "MANDRIVA_MDVSA-2008-002.NASL", "FREEBSD_PKG_6EB580D7A29C11DC8919001C2514716C.NASL", "UBUNTU_USN-565-1.NASL", "CENTOS_RHSA-2007-1130.NASL", "FEDORA_2007-4170.NASL", "ORACLELINUX_ELSA-2007-1130.NASL"]}, {"type": "centos", "idList": ["CESA-2007:1130", "CESA-2007:1130-04"]}, {"type": "freebsd", "idList": ["6EB580D7-A29C-11DC-8919-001C2514716C"]}, {"type": "gentoo", "idList": ["GLSA-200801-05", "GLSA-200903-38"]}, {"type": "ubuntu", "idList": ["USN-565-1", "USN-601-1"]}, {"type": "cert", "idList": ["VU:232881"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8419", "SECURITYVULNS:DOC:19644"]}, {"type": "seebug", "idList": ["SSV:3184"]}], "modified": "2019-03-22T21:13:54"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "squid", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm", "operator": "lt"}]}, "lastseen": "2019-03-22T21:13:54", "differentElements": ["cvss"], "edition": 10}], "viewCount": 2, "enchantments": {"score": {"value": 4.9, "vector": "NONE", "modified": "2019-05-29T14:33:35"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-6239"]}, {"type": "osvdb", "idList": ["OSVDB:39381"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8419", "SECURITYVULNS:DOC:19644"]}, {"type": "ubuntu", "idList": ["USN-565-1", "USN-601-1"]}, {"type": "openvas", "idList": ["OPENVAS:861492", "OPENVAS:830408", "OPENVAS:136141256231065455", "OPENVAS:880146", "OPENVAS:880325", "OPENVAS:1361412562310880323", "OPENVAS:880318", "OPENVAS:65455", "OPENVAS:1361412562310880317", "OPENVAS:1361412562310830408"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_6EB580D7A29C11DC8919001C2514716C.NASL", "SUSE_SQUID-4782.NASL", "FEDORA_2007-4161.NASL", "GENTOO_GLSA-200801-05.NASL", "SUSE9_12004.NASL", "UBUNTU_USN-565-1.NASL", "SUSE_SQUID-4779.NASL", "FEDORA_2007-4170.NASL", "CENTOS_RHSA-2007-1130.NASL", "MANDRIVA_MDVSA-2008-002.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1482-1:AAA88", "DEBIAN:DSA-1646-2:980C8", "DEBIAN:DSA-1646-1:A9FB0"]}, {"type": "freebsd", "idList": ["6EB580D7-A29C-11DC-8919-001C2514716C"]}, {"type": "centos", "idList": ["CESA-2007:1130-04", "CESA-2007:1130"]}, {"type": "cert", "idList": ["VU:232881"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-1130", "ELSA-2008-0214"]}, {"type": "gentoo", "idList": ["GLSA-200801-05", "GLSA-200903-38"]}, {"type": "seebug", "idList": ["SSV:3184"]}], "modified": "2019-05-29T14:33:35"}, "vulnersScore": 4.9}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "arch": "i386", "packageName": "squid", "packageVersion": "2.5.STABLE14-1.4E.el4_6.1", "packageFilename": "squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:09:02", "bulletinFamily": "NVD", "description": "The \"cache update reply processing\" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.", "modified": "2017-09-29T01:29:00", "id": "CVE-2007-6239", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6239", "published": "2007-12-04T18:46:00", "title": "CVE-2007-6239", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:24", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1482-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 05, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : squid\nVulnerability : programming error\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-6239\n\nIt was discovered that malformed cache update replies against the Squid\nWWW proxy cache could lead to the exhaustion of system memory, resulting\nin potential denial of service.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.6.5-6etch1.\n\nFor the old stable distribution (sarge), the update cannot currently\nbe processed on the buildd security network due to a bug in the archive\nmanagement script. This will be resolved soon. An update for i386\nis temporarily available at at http://people.debian.org/~jmm/squid/.\n\nWe recommend that you upgrade your squid packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1.dsc\n Size/MD5 checksum: 669 47baab1a60087828b695388c6edb1ee6\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5.orig.tar.gz\n Size/MD5 checksum: 1636886 26cc918028340dc8ceb9c0c4b988d717\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1.diff.gz\n Size/MD5 checksum: 273904 db13c592e621e1b8571c01846842b8fd\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6.5-6etch1_all.deb\n Size/MD5 checksum: 437110 ac8cac2b29366e044e8362a7b394fc9d\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_alpha.deb\n Size/MD5 checksum: 791040 6e313f97d91d37b726eea9194ded5a5b\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_alpha.deb\n Size/MD5 checksum: 87964 e6cb717df88977abfe41597384d96f6d\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_alpha.deb\n Size/MD5 checksum: 119136 79b01bf8b6310cca9812cfae2c7b3170\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_amd64.deb\n Size/MD5 checksum: 710400 9141b003810e1c50c364cd0303efd74f\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_amd64.deb\n Size/MD5 checksum: 116352 1bf89f1f564164df73e3c32515e63ffb\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_amd64.deb\n Size/MD5 checksum: 86070 2818713df831edc4aeb01b3686d31e79\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_arm.deb\n Size/MD5 checksum: 115880 4c8cef9241a1377f7f49cab25af3b9b8\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_arm.deb\n Size/MD5 checksum: 676344 f693173e2c78bcda2211a1323ac85f9b\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_arm.deb\n Size/MD5 checksum: 85944 a9a014a349f7f826bf271fcdb1337334\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_hppa.deb\n Size/MD5 checksum: 117330 28e6069fb0b0e71b6f7d2a550cea9570\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_hppa.deb\n Size/MD5 checksum: 749000 abe4f58c0af4c5837a8ed1bf3b109b8b\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_hppa.deb\n Size/MD5 checksum: 87644 5c50485a6cf9faaa75ab97171464d4f1\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_i386.deb\n Size/MD5 checksum: 654734 bdc20bc1b981d81b23e11eaa51b5d446\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_i386.deb\n Size/MD5 checksum: 85694 a125ae94c477acbd039916cb5295495c\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_i386.deb\n Size/MD5 checksum: 116008 ad3a1b4e437ea7a54aa27322d4ab5aa3\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_ia64.deb\n Size/MD5 checksum: 1066988 33f9cb183e83c91999b0fca9d7535a04\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_ia64.deb\n Size/MD5 checksum: 91272 dd10ed4eea19bde3c1e201c47aff656d\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_ia64.deb\n Size/MD5 checksum: 124104 f6f9be771782b221d1faea48d8ee842f\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_mips.deb\n Size/MD5 checksum: 117058 6bd05ff7a166f10235a490d83adc9aaa\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_mips.deb\n Size/MD5 checksum: 87190 71adec3b47f6d047c5f00cb65986abc4\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_mips.deb\n Size/MD5 checksum: 742994 81160ebb191aa27d0c77e4454d2e13e3\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_mipsel.deb\n Size/MD5 checksum: 117110 001be9f34ed3140d2fa8e4c698d08b4a\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_mipsel.deb\n Size/MD5 checksum: 87182 63006b975b09a4069bedaa5d78ab68d7\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_mipsel.deb\n Size/MD5 checksum: 747278 16486cdd91d2c1ddc68e2b3329cc0d94\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_powerpc.deb\n Size/MD5 checksum: 712288 694870f8b4dd3fed1e1133f82f584557\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_powerpc.deb\n Size/MD5 checksum: 86036 91ed9e4120cc6667ae5956ff8d2df43a\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_powerpc.deb\n Size/MD5 checksum: 116278 925d2622313fbc249ba896dc3ce87483\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_s390.deb\n Size/MD5 checksum: 116628 162bcb6411f90ce10b0406cca1cc081b\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_s390.deb\n Size/MD5 checksum: 86486 0373bb3d5504cd041025a41fcae00fb4\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_s390.deb\n Size/MD5 checksum: 711796 c7458baad180e177878eb324a5208488\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_sparc.deb\n Size/MD5 checksum: 667184 247fddedfe397f756ebb00d6b44c413a\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_sparc.deb\n Size/MD5 checksum: 86224 3c22a2f372efb50fc7c1976a20c9fdc2\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_sparc.deb\n Size/MD5 checksum: 115852 90d0326044c9796c51b73dd09aa7c34a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2008-02-05T22:40:29", "published": "2008-02-05T22:40:29", "id": "DEBIAN:DSA-1482-1:AAA88", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00045.html", "title": "[SECURITY] [DSA 1482-1] New squid packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:23:10", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1646-2 security@debian.org\nhttp://www.debian.org/security/ Devin Carraway\nOctober 11, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : squid\nVulnerability : array bounds check\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-1612\n\nIn DSA 1646-1, an update was announced for a denial of service\nvulnerability in squid, a caching proxy server. Due to an error in\npackaging and in testing, the updated packages did not correct the\nweakness. An updated release is available which corrects the error.\nFor reference, the original advisory text follows.\n\nA weakness has been discovered in squid, a caching proxy server. The\nflaw was introduced upstream in response to CVE-2007-6239, and\nannounced by Debian in DSA-1482-1. The flaw involves an\nover-aggressive bounds check on an array resize, and could be\nexploited by an authorized client to induce a denial of service\ncondition against squid.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.6.5-6etch4.\n\nWe recommend that you upgrade your squid packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4.dsc\n Size/MD5 checksum: 669 6e919d707f76cb9d991744834369b876\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5.orig.tar.gz\n Size/MD5 checksum: 1636886 26cc918028340dc8ceb9c0c4b988d717\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4.diff.gz\n Size/MD5 checksum: 273381 54c814d93e2976176d0389bf22fb216a\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6.5-6etch4_all.deb\n Size/MD5 checksum: 437254 46d12b52f401fcb70f7d951d66c5dade\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch4_alpha.deb\n Size/MD5 checksum: 119764 28f3499402f9c411df1a2b0eee1769b4\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch4_alpha.deb\n Size/MD5 checksum: 88450 a6df99cdff0c82901d9863223ad35ddb\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4_alpha.deb\n Size/MD5 checksum: 793634 be22589c1b9d3ba1ab52156bf0a3353a\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch4_amd64.deb\n Size/MD5 checksum: 86346 dafc6a156fc1f80f91a3d11a50183c02\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch4_amd64.deb\n Size/MD5 checksum: 116724 8334a79c13f1865c37f0e0897b7acbaf\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4_amd64.deb\n Size/MD5 checksum: 709000 5c9d16bfc10bd4fedb2f9eb61c9395ca\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch4_arm.deb\n Size/MD5 checksum: 116122 184d2bd029ff022c9af03755bf72a3f5\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch4_arm.deb\n Size/MD5 checksum: 86244 2fdfae956f99ff1162fbb4bf8441ca15\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4_arm.deb\n Size/MD5 checksum: 676602 07e3c76d7374ef1e91c20177ab1f4683\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4_hppa.deb\n Size/MD5 checksum: 748514 6750bc041313f8d8adb4e183555d3581\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch4_hppa.deb\n Size/MD5 checksum: 88064 7dfa55ef0f63725163a1d011275382d4\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch4_hppa.deb\n Size/MD5 checksum: 118700 9d8d75d7858601696c8d7d441e440d19\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch4_i386.deb\n Size/MD5 checksum: 116550 031de91f40686ac7dc38e6de48615cb7\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4_i386.deb\n Size/MD5 checksum: 655150 eee50212e07c78bedda110fe3bfa566e\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch4_i386.deb\n Size/MD5 checksum: 86152 4a7f52087fcee493d539e014ea21e3c4\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4_ia64.deb\n Size/MD5 checksum: 1067252 44f4997b71e6f8b0e5570d057715660a\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch4_ia64.deb\n Size/MD5 checksum: 91522 d6fa05f3602bf87b2b3bd01b8cc426ef\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch4_ia64.deb\n Size/MD5 checksum: 124394 2bb271010b2172abcd31c61dfd47e465\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch4_mips.deb\n Size/MD5 checksum: 87494 ac30318c4ffedfad4a6d0801baf15474\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4_mips.deb\n Size/MD5 checksum: 740002 6bc6ff8558d06873f01032bbd0b36c3f\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch4_mips.deb\n Size/MD5 checksum: 118308 d92424cf93987ebb392798fb6a1339e1\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch4_mipsel.deb\n Size/MD5 checksum: 87434 afa29601429b35bfe722cb7b16fbb084\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4_mipsel.deb\n Size/MD5 checksum: 747568 da0371a76195861c8cff6d28366da1d6\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch4_mipsel.deb\n Size/MD5 checksum: 117366 2c280932ebee5de58e669145b9ce59cc\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch4_powerpc.deb\n Size/MD5 checksum: 86292 88c32419e15d93511ed6427957d6cdd6\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4_powerpc.deb\n Size/MD5 checksum: 712560 21e418ca3c982eb12a3d58a556b8682f\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch4_powerpc.deb\n Size/MD5 checksum: 116520 67f7a1adde76c9c93520dbe84f5c9e99\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch4_s390.deb\n Size/MD5 checksum: 116868 078fed27faaaf363efeb0d7f8e9ffc06\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch4_s390.deb\n Size/MD5 checksum: 86738 ca0d927ffc1900e57c083bb59ac266b8\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4_s390.deb\n Size/MD5 checksum: 712040 cdf675694f3b01cce10d92d6dbc7f26c\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch4_sparc.deb\n Size/MD5 checksum: 667416 7a51316d2f9b7029d889a091aea6b309\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch4_sparc.deb\n Size/MD5 checksum: 116086 f10ece4d90708215b40f158ec37b1f28\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch4_sparc.deb\n Size/MD5 checksum: 86472 65e2a79ff0f73c6b40efa3831149852a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2008-10-11T06:47:39", "published": "2008-10-11T06:47:39", "id": "DEBIAN:DSA-1646-2:980C8", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00241.html", "title": "[SECURITY] [DSA 1646-2] New squid packages fix array bounds check", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:09", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1646-1 security@debian.org\nhttp://www.debian.org/security/ Devin Carraway\nOctober 07, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : squid\nVulnerability : array bounds check\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-1612\n\nA weakness has been discovered in squid, a caching proxy server. The\nflaw was introduced upstream in response to CVE-2007-6239, and\nannounced by Debian in DSA-1482-1. The flaw involves an\nover-aggressive bounds check on an array resize, and could be\nexploited by an authorized client to induce a denial of service\ncondition against squid.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.6.5-6etch2.\n\nWe recommend that you upgrade your squid packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5.orig.tar.gz\n Size/MD5 checksum: 1636886 26cc918028340dc8ceb9c0c4b988d717\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2.diff.gz\n Size/MD5 checksum: 273482 a50f26f9efdb5a4cecb924079a7acfb9\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2.dsc\n Size/MD5 checksum: 669 b1726dce2c7eea1e010906ea38bf072c\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6.5-6etch2_all.deb\n Size/MD5 checksum: 437244 8bc777de8a4c48c8bf97b549f623c3b4\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_alpha.deb\n Size/MD5 checksum: 88358 85c2aa241e702ccbf2b628adeacb31ca\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_alpha.deb\n Size/MD5 checksum: 793566 ffdb43d648ad1bf20bf7abe02bdf02c3\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_alpha.deb\n Size/MD5 checksum: 119714 dce5baad9332f9e854f193770798025c\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_amd64.deb\n Size/MD5 checksum: 86296 6f3e9c710fd34f6e6dc73f59dd08305f\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_amd64.deb\n Size/MD5 checksum: 116682 a5cd8cc313c0ac1b029465ea20e4f545\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_amd64.deb\n Size/MD5 checksum: 708968 e8742c13712128d60a771644ebba83c4\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_arm.deb\n Size/MD5 checksum: 86138 3dacde2e043c0569b3d91967cbd8a12a\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_arm.deb\n Size/MD5 checksum: 676532 82a513ebd7efa71b7c4d433c11a92e21\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_arm.deb\n Size/MD5 checksum: 116058 a1f1c3e60860d99abc8a357756b8286c\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_hppa.deb\n Size/MD5 checksum: 748436 f367be1a2654ba16ea5ffb8cd9402d0d\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_hppa.deb\n Size/MD5 checksum: 88006 bb51d372ee4bfefc50ad14dd80a3fd1e\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_hppa.deb\n Size/MD5 checksum: 118664 73d47d6e71b0c587b5ee47c050e73fed\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_i386.deb\n Size/MD5 checksum: 655102 974ebf7aa186c3bcad04db331eb1f9ef\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_i386.deb\n Size/MD5 checksum: 86032 8b76b6bef4d98138f0257e2facf390e3\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_i386.deb\n Size/MD5 checksum: 116484 1bf5155048c9f99ad0550a948dc7ec54\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_ia64.deb\n Size/MD5 checksum: 124294 46d7deb973420ec5e1fcf0d285b9c0fd\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_ia64.deb\n Size/MD5 checksum: 1067214 28910fa078f1877aa9cc481e2601978f\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_ia64.deb\n Size/MD5 checksum: 91458 9aceade803ca62f2ea942816d0e58a09\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_mips.deb\n Size/MD5 checksum: 118250 86ad63f2ec01a03938a831f60c31a376\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_mips.deb\n Size/MD5 checksum: 87452 8e70de43fecdd3600edf9717ddc3654e\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_mips.deb\n Size/MD5 checksum: 739976 606bc3bf5b060bd90ac2527e0eaf8428\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_mipsel.deb\n Size/MD5 checksum: 747420 47dfe6d5a3f07c07de007b3ffdbf040b\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_mipsel.deb\n Size/MD5 checksum: 117306 9142ed1e467e20063cc7dedbcc364738\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_mipsel.deb\n Size/MD5 checksum: 87384 4564cc7b0bb576fd5751b4571fb136f3\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_powerpc.deb\n Size/MD5 checksum: 116466 b658e55a0d48925469d8bb4da653a354\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_powerpc.deb\n Size/MD5 checksum: 86238 e692d6823acdc2334b3479de0458ff31\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_powerpc.deb\n Size/MD5 checksum: 712486 d979b30de8c28bec9374674aa5a7178f\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_s390.deb\n Size/MD5 checksum: 116824 00e3445f2e543533e205028236034fb3\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_s390.deb\n Size/MD5 checksum: 86696 4d6587126afef9e41f2a2f66234f8d65\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_s390.deb\n Size/MD5 checksum: 711996 476e518c2abe6808d126bcd251b6029b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_sparc.deb\n Size/MD5 checksum: 116054 3f961d32524fdfd4ce03bfded0d8d4e0\n http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_sparc.deb\n Size/MD5 checksum: 86500 fad99b5e831a0fc3d59d1b2abb187a10\n http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_sparc.deb\n Size/MD5 checksum: 666098 09e028594df09126c2a5c207c5c8f05c\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2008-10-07T06:12:10", "published": "2008-10-07T06:12:10", "id": "DEBIAN:DSA-1646-1:A9FB0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00237.html", "title": "[SECURITY] [DSA-1646-1] New squid packages fix array bounds check", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-25T10:56:21", "bulletinFamily": "scanner", "description": "Check for the Version of squid", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861492", "id": "OPENVAS:861492", "title": "Fedora Update for squid FEDORA-2007-4170", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for squid FEDORA-2007-4170\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Squid is a high-performance proxy caching server for Web clients,\n supporting FTP, gopher, and HTTP data objects. Unlike traditional\n caching software, Squid handles all requests in a single,\n non-blocking, I/O-driven process. Squid keeps meta data and especially\n hot objects cached in RAM, caches DNS lookups, supports non-blocking\n DNS lookups, and implements negative caching of failed requests.\n\n Squid consists of a main server program squid, a Domain Name System\n lookup program (dnsserver), a program for retrieving FTP data\n (ftpget), and some management and client tools.\";\n\ntag_affected = \"squid on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.html\");\n script_id(861492);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:27:46 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-4170\");\n script_cve_id(\"CVE-2007-6239\");\n script_name( \"Fedora Update for squid FEDORA-2007-4170\");\n\n script_summary(\"Check for the Version of squid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.6.STABLE17~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-debuginfo\", rpm:\"squid-debuginfo~2.6.STABLE17~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.6.STABLE17~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-debuginfo\", rpm:\"squid-debuginfo~2.6.STABLE17~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.6.STABLE17~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:27", "bulletinFamily": "scanner", "description": "Check for the Version of squid", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880323", "id": "OPENVAS:1361412562310880323", "type": "openvas", "title": "CentOS Update for squid CESA-2007:1130 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squid CESA-2007:1130 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Squid is a high-performance proxy caching server for Web clients,\n supporting FTP, gopher, and HTTP data objects.\n\n A flaw was found in the way squid stored HTTP headers for cached objects\n in system memory. An attacker could cause squid to use additional memory,\n and trigger high CPU usage when processing requests for certain cached\n objects, possibly leading to a denial of service. (CVE-2007-6239)\n \n Users of squid are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue.\";\n\ntag_affected = \"squid on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014514.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880323\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1130\");\n script_cve_id(\"CVE-2007-6239\");\n script_name( \"CentOS Update for squid CESA-2007:1130 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of squid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.5.STABLE3~8.3E\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:11", "bulletinFamily": "scanner", "description": "Check for the Version of squid", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880325", "id": "OPENVAS:880325", "title": "CentOS Update for squid CESA-2007:1130 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squid CESA-2007:1130 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Squid is a high-performance proxy caching server for Web clients,\n supporting FTP, gopher, and HTTP data objects.\n\n A flaw was found in the way squid stored HTTP headers for cached objects\n in system memory. An attacker could cause squid to use additional memory,\n and trigger high CPU usage when processing requests for certain cached\n objects, possibly leading to a denial of service. (CVE-2007-6239)\n \n Users of squid are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue.\";\n\ntag_affected = \"squid on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014523.html\");\n script_id(880325);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1130\");\n script_cve_id(\"CVE-2007-6239\");\n script_name( \"CentOS Update for squid CESA-2007:1130 centos4 i386\");\n\n script_summary(\"Check for the Version of squid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.5.STABLE14~1.4E.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:21", "bulletinFamily": "scanner", "description": "Check for the Version of squid", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880146", "id": "OPENVAS:880146", "title": "CentOS Update for squid CESA-2007:1130-04 centos2 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squid CESA-2007:1130-04 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Squid is a high-performance proxy caching server for Web clients,\n supporting FTP, gopher, and HTTP data objects.\n\n A flaw was found in the way squid stored HTTP headers for cached objects\n in system memory. An attacker could cause squid to use additional memory,\n and trigger high CPU usage when processing requests for certain cached\n objects, possibly leading to a denial of service. (CVE-2007-6239)\n \n Users of squid are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue.\";\n\ntag_affected = \"squid on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014581.html\");\n script_id(880146);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1130-04\");\n script_cve_id(\"CVE-2007-6239\");\n script_name( \"CentOS Update for squid CESA-2007:1130-04 centos2 i386\");\n\n script_summary(\"Check for the Version of squid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.4.STABLE7~1.21as.11\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:23", "bulletinFamily": "scanner", "description": "Check for the Version of squid", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880318", "id": "OPENVAS:880318", "title": "CentOS Update for squid CESA-2007:1130 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squid CESA-2007:1130 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Squid is a high-performance proxy caching server for Web clients,\n supporting FTP, gopher, and HTTP data objects.\n\n A flaw was found in the way squid stored HTTP headers for cached objects\n in system memory. An attacker could cause squid to use additional memory,\n and trigger high CPU usage when processing requests for certain cached\n objects, possibly leading to a denial of service. (CVE-2007-6239)\n \n Users of squid are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue.\";\n\ntag_affected = \"squid on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014522.html\");\n script_id(880318);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1130\");\n script_cve_id(\"CVE-2007-6239\");\n script_name( \"CentOS Update for squid CESA-2007:1130 centos4 x86_64\");\n\n script_summary(\"Check for the Version of squid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.5.STABLE14~1.4E.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:30", "bulletinFamily": "scanner", "description": "Check for the Version of squid", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830408", "id": "OPENVAS:830408", "title": "Mandriva Update for squid MDVSA-2008:002 (squid)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for squid MDVSA-2008:002 (squid)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The cache update reply processing functionality in Squid 2.x before\n 2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial\n of service (crash) via unknown vectors related to HTTP headers.\n\n The updated package fixes this issue.\";\n\ntag_affected = \"squid on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-01/msg00004.php\");\n script_id(830408);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:002\");\n script_cve_id(\"CVE-2007-6239\");\n script_name( \"Mandriva Update for squid MDVSA-2008:002 (squid)\");\n\n script_summary(\"Check for the Version of squid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.6.STABLE7~2.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-cachemgr\", rpm:\"squid-cachemgr~2.6.STABLE7~2.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.6.STABLE1~4.4mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-cachemgr\", rpm:\"squid-cachemgr~2.6.STABLE1~4.4mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.6.STABLE16~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"squid-cachemgr\", rpm:\"squid-cachemgr~2.6.STABLE16~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:57", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n squid\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015636 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65455", "id": "OPENVAS:65455", "title": "SLES9: Security update for squid", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5015636.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for squid\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n squid\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015636 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65455);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-6239\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for squid\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.5.STABLE5~42.52\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:29", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n squid\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015636 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065455", "id": "OPENVAS:136141256231065455", "type": "openvas", "title": "SLES9: Security update for squid", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5015636.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for squid\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n squid\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015636 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65455\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-6239\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"SLES9: Security update for squid\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.5.STABLE5~42.52\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:43", "bulletinFamily": "scanner", "description": "Check for the Version of squid", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880323", "id": "OPENVAS:880323", "title": "CentOS Update for squid CESA-2007:1130 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squid CESA-2007:1130 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Squid is a high-performance proxy caching server for Web clients,\n supporting FTP, gopher, and HTTP data objects.\n\n A flaw was found in the way squid stored HTTP headers for cached objects\n in system memory. An attacker could cause squid to use additional memory,\n and trigger high CPU usage when processing requests for certain cached\n objects, possibly leading to a denial of service. (CVE-2007-6239)\n \n Users of squid are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue.\";\n\ntag_affected = \"squid on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014514.html\");\n script_id(880323);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1130\");\n script_cve_id(\"CVE-2007-6239\");\n script_name( \"CentOS Update for squid CESA-2007:1130 centos3 i386\");\n\n script_summary(\"Check for the Version of squid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.5.STABLE3~8.3E\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:33", "bulletinFamily": "scanner", "description": "Check for the Version of squid", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880317", "id": "OPENVAS:1361412562310880317", "type": "openvas", "title": "CentOS Update for squid CESA-2007:1130 centos3 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for squid CESA-2007:1130 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Squid is a high-performance proxy caching server for Web clients,\n supporting FTP, gopher, and HTTP data objects.\n\n A flaw was found in the way squid stored HTTP headers for cached objects\n in system memory. An attacker could cause squid to use additional memory,\n and trigger high CPU usage when processing requests for certain cached\n objects, possibly leading to a denial of service. (CVE-2007-6239)\n \n Users of squid are advised to upgrade to these updated packages, which\n contain a backported patch to resolve this issue.\";\n\ntag_affected = \"squid on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014515.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880317\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1130\");\n script_cve_id(\"CVE-2007-6239\");\n script_name( \"CentOS Update for squid CESA-2007:1130 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of squid\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"squid\", rpm:\"squid~2.5.STABLE3~8.3E\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:10:34", "bulletinFamily": "scanner", "description": "- Thu Dec 6 2007 Martin Nagy <mnagy at redhat.com> - 7:2.6.STABLE16-1\n\n - Upstream patch to fix CVE-2007-6239 (#410181)\n\n - Fri Sep 7 2007 Martin Bacovsky <mbacovsk at redhat.com> - 7:2.6.STABLE16-1\n\n - upgrade to latest upstream 2.6.STABLE14\n\n - Wed Aug 1 2007 Martin Bacovsky <mbacovsk at redhat.com> - 7:2.6.STABLE14-1\n\n - upgrade to latest upstream 2.6.STABLE14\n\n - Mon Jun 4 2007 Martin Bacovsky <mbacovsk at redhat.com> - 7:2.6.STABLE13-1\n\n - update to latest upstream 2.6.STABLE13\n\n - resolves: #242423: Squid Version Violation\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-21T00:00:00", "id": "FEDORA_2007-4161.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29708", "published": "2007-12-17T00:00:00", "title": "Fedora 7 : squid-2.6.STABLE16-2.fc7 (2007-4161)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-4161.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29708);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/10/21 21:54:56 $\");\n\n script_cve_id(\"CVE-2007-6239\");\n script_xref(name:\"FEDORA\", value:\"2007-4161\");\n\n script_name(english:\"Fedora 7 : squid-2.6.STABLE16-2.fc7 (2007-4161)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Dec 6 2007 Martin Nagy <mnagy at redhat.com> -\n 7:2.6.STABLE16-1\n\n - Upstream patch to fix CVE-2007-6239 (#410181)\n\n - Fri Sep 7 2007 Martin Bacovsky <mbacovsk at\n redhat.com> - 7:2.6.STABLE16-1\n\n - upgrade to latest upstream 2.6.STABLE14\n\n - Wed Aug 1 2007 Martin Bacovsky <mbacovsk at\n redhat.com> - 7:2.6.STABLE14-1\n\n - upgrade to latest upstream 2.6.STABLE14\n\n - Mon Jun 4 2007 Martin Bacovsky <mbacovsk at\n redhat.com> - 7:2.6.STABLE13-1\n\n - update to latest upstream 2.6.STABLE13\n\n - resolves: #242423: Squid Version Violation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=410181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=412381\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/005969.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1af65652\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squid and / or squid-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:squid-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"squid-2.6.STABLE16-2.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"squid-debuginfo-2.6.STABLE16-2.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid / squid-debuginfo\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:36", "bulletinFamily": "scanner", "description": "This update of squid fixes a denial-of-service bug during cache update reply processing. (CVE-2007-6239)", "modified": "2012-05-17T00:00:00", "id": "SUSE_SQUID-4782.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29824", "published": "2007-12-31T00:00:00", "title": "SuSE 10 Security Update : squid (ZYPP Patch Number 4782)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29824);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:27:18 $\");\n\n script_cve_id(\"CVE-2007-6239\");\n\n script_name(english:\"SuSE 10 Security Update : squid (ZYPP Patch Number 4782)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of squid fixes a denial-of-service bug during cache update\nreply processing. (CVE-2007-6239)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6239.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4782.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"squid-2.5.STABLE12-18.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"squid-2.5.STABLE12-18.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:28", "bulletinFamily": "scanner", "description": "Squid secuirty advisory reports :\n\nDue to incorrect bounds checking Squid is vulnerable to a denial of service check during some cache update reply processing.\n\nThis problem allows any client trusted to use the service to perform a denial of service attack on the Squid service.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_6EB580D7A29C11DC8919001C2514716C.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29230", "published": "2007-12-07T00:00:00", "title": "FreeBSD : Squid -- Denial of Service Vulnerability (6eb580d7-a29c-11dc-8919-001c2514716c)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29230);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:41\");\n\n script_cve_id(\"CVE-2007-6239\");\n script_bugtraq_id(26687);\n\n script_name(english:\"FreeBSD : Squid -- Denial of Service Vulnerability (6eb580d7-a29c-11dc-8919-001c2514716c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Squid secuirty advisory reports :\n\nDue to incorrect bounds checking Squid is vulnerable to a denial of\nservice check during some cache update reply processing.\n\nThis problem allows any client trusted to use the service to perform a\ndenial of service attack on the Squid service.\"\n );\n # https://vuxml.freebsd.org/freebsd/6eb580d7-a29c-11dc-8919-001c2514716c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45b1cdae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"squid>=2.0<2.6.16_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"squid>=3.*<3.0.r1.20071001_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:34", "bulletinFamily": "scanner", "description": "- Thu Dec 6 2007 Martin Nagy <mnagy at redhat.com> - 2.6.STABLE17-1\n\n - upgrade to latest upstream 2.6.STABLE17\n\n - Mon Nov 12 2007 Martin Bacovsky <mbacovsk at redhat.com> - 7:2.6.STABLE16-3\n\n - squid is compiled wirh arp acls support (--enable-arp-acl)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-21T00:00:00", "id": "FEDORA_2007-4170.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29709", "published": "2007-12-17T00:00:00", "title": "Fedora 8 : squid-2.6.STABLE17-1.fc8 (2007-4170)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-4170.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29709);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/10/21 21:54:57 $\");\n\n script_cve_id(\"CVE-2007-6239\");\n script_xref(name:\"FEDORA\", value:\"2007-4170\");\n\n script_name(english:\"Fedora 8 : squid-2.6.STABLE17-1.fc8 (2007-4170)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Dec 6 2007 Martin Nagy <mnagy at redhat.com> -\n 2.6.STABLE17-1\n\n - upgrade to latest upstream 2.6.STABLE17\n\n - Mon Nov 12 2007 Martin Bacovsky <mbacovsk at\n redhat.com> - 7:2.6.STABLE16-3\n\n - squid is compiled wirh arp acls support\n (--enable-arp-acl)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=410181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=412391\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/005959.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce7d26d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squid and / or squid-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:squid-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"squid-2.6.STABLE17-1.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"squid-debuginfo-2.6.STABLE17-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid / squid-debuginfo\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:34", "bulletinFamily": "scanner", "description": "Updated squid packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nSquid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects.\n\nA flaw was found in the way squid stored HTTP headers for cached objects in system memory. An attacker could cause squid to use additional memory, and trigger high CPU usage when processing requests for certain cached objects, possibly leading to a denial of service.\n(CVE-2007-6239)\n\nUsers of squid are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2007-1130.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29730", "published": "2007-12-19T00:00:00", "title": "CentOS 3 / 4 / 5 : squid (CESA-2007:1130)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1130 and \n# CentOS Errata and Security Advisory 2007:1130 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29730);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2007-6239\");\n script_xref(name:\"RHSA\", value:\"2007:1130\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : squid (CESA-2007:1130)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated squid packages that fix a security issue are now available for\nRed Hat Enterprise Linux 2.1, 3, 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSquid is a high-performance proxy caching server for Web clients,\nsupporting FTP, gopher, and HTTP data objects.\n\nA flaw was found in the way squid stored HTTP headers for cached\nobjects in system memory. An attacker could cause squid to use\nadditional memory, and trigger high CPU usage when processing requests\nfor certain cached objects, possibly leading to a denial of service.\n(CVE-2007-6239)\n\nUsers of squid are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014514.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c041705\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014515.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ba5b357\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014516.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7398daa\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014518.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ef35273\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014522.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4cea42a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014523.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3bd00fd\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014539.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5edb8616\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014540.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc3da73b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected squid package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"squid-2.5.STABLE3-8.3E\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"squid-2.5.STABLE14-1.4E.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"squid-2.5.STABLE14-1.4E.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"squid-2.5.STABLE14-1.4E.el4_6.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"squid-2.6.STABLE6-5.el5_1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:37", "bulletinFamily": "scanner", "description": "It was discovered that Squid did not always clean up cache memory correctly. A remote attacker could manipulate cache update replies and cause Squid to use all available memory, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-565-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29921", "published": "2008-01-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : squid vulnerability (USN-565-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-565-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29921);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2007-6239\");\n script_xref(name:\"USN\", value:\"565-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : squid vulnerability (USN-565-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Squid did not always clean up cache memory\ncorrectly. A remote attacker could manipulate cache update replies and\ncause Squid to use all available memory, leading to a denial of\nservice.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/565-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squid-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squid-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:squidclient\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"squid\", pkgver:\"2.5.12-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"squid-cgi\", pkgver:\"2.5.12-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"squid-common\", pkgver:\"2.5.12-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"squidclient\", pkgver:\"2.5.12-4ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"squid\", pkgver:\"2.6.1-3ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"squid-cgi\", pkgver:\"2.6.1-3ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"squid-common\", pkgver:\"2.6.1-3ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"squidclient\", pkgver:\"2.6.1-3ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"squid\", pkgver:\"2.6.5-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"squid-cgi\", pkgver:\"2.6.5-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"squid-common\", pkgver:\"2.6.5-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"squidclient\", pkgver:\"2.6.5-4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"squid\", pkgver:\"2.6.14-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"squid-cgi\", pkgver:\"2.6.14-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"squid-common\", pkgver:\"2.6.14-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"squidclient\", pkgver:\"2.6.14-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid / squid-cgi / squid-common / squidclient\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:37", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200801-05 (Squid: Denial of Service)\n\n The Wikimedia Foundation reported a memory leak vulnerability when performing cache updates.\n Impact :\n\n A remote attacker could perform numerous specially crafted requests to the vulnerable server, resulting in a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-08-10T00:00:00", "id": "GENTOO_GLSA-200801-05.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29909", "published": "2008-01-10T00:00:00", "title": "GLSA-200801-05 : Squid: Denial of Service", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200801-05.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29909);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2007-6239\");\n script_xref(name:\"GLSA\", value:\"200801-05\");\n\n script_name(english:\"GLSA-200801-05 : Squid: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200801-05\n(Squid: Denial of Service)\n\n The Wikimedia Foundation reported a memory leak vulnerability when\n performing cache updates.\n \nImpact :\n\n A remote attacker could perform numerous specially crafted requests to\n the vulnerable server, resulting in a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200801-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Squid users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-proxy/squid-2.6.17'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-proxy/squid\", unaffected:make_list(\"ge 2.6.17\"), vulnerable:make_list(\"lt 2.6.17\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Squid\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:35", "bulletinFamily": "scanner", "description": "This update of squid fixes a denial-of-service bug during cache update reply processing. (CVE-2007-6239)", "modified": "2014-06-13T00:00:00", "id": "SUSE_SQUID-4779.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29823", "published": "2007-12-31T00:00:00", "title": "openSUSE 10 Security Update : squid (squid-4779)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update squid-4779.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29823);\n script_version (\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:36:49 $\");\n\n script_cve_id(\"CVE-2007-6239\");\n\n script_name(english:\"openSUSE 10 Security Update : squid (squid-4779)\");\n script_summary(english:\"Check for the squid-4779 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of squid fixes a denial-of-service bug during cache update\nreply processing. (CVE-2007-6239)\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected squid package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"squid-2.5.STABLE12-18.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"squid-2.6.STABLE6-0.8\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"squid-2.6.STABLE14-23.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:11:39", "bulletinFamily": "scanner", "description": "The cache update reply processing functionality in Squid 2.x before 2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers.\n\nThe updated package fixes this issue.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2008-002.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36545", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : squid (MDVSA-2008:002)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:002. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36545);\n script_version (\"1.12\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-6239\");\n script_xref(name:\"MDVSA\", value:\"2008:002\");\n\n script_name(english:\"Mandriva Linux Security Advisory : squid (MDVSA-2008:002)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The cache update reply processing functionality in Squid 2.x before\n2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial\nof service (crash) via unknown vectors related to HTTP headers.\n\nThe updated package fixes this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected squid and / or squid-cachemgr packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:squid-cachemgr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", reference:\"squid-2.6.STABLE1-4.4mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"squid-cachemgr-2.6.STABLE1-4.4mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", reference:\"squid-2.6.STABLE7-2.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"squid-cachemgr-2.6.STABLE7-2.1mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"squid-2.6.STABLE16-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"squid-cachemgr-2.6.STABLE16-1.2mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:19:15", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2007:1130 :\n\nUpdated squid packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nSquid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects.\n\nA flaw was found in the way squid stored HTTP headers for cached objects in system memory. An attacker could cause squid to use additional memory, and trigger high CPU usage when processing requests for certain cached objects, possibly leading to a denial of service.\n(CVE-2007-6239)\n\nUsers of squid are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.", "modified": "2018-08-13T00:00:00", "id": "ORACLELINUX_ELSA-2007-1130.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67623", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : squid (ELSA-2007-1130)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:1130 and \n# Oracle Linux Security Advisory ELSA-2007-1130 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67623);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2007-6239\");\n script_xref(name:\"RHSA\", value:\"2007:1130\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : squid (ELSA-2007-1130)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:1130 :\n\nUpdated squid packages that fix a security issue are now available for\nRed Hat Enterprise Linux 2.1, 3, 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nSquid is a high-performance proxy caching server for Web clients,\nsupporting FTP, gopher, and HTTP data objects.\n\nA flaw was found in the way squid stored HTTP headers for cached\nobjects in system memory. An attacker could cause squid to use\nadditional memory, and trigger high CPU usage when processing requests\nfor certain cached objects, possibly leading to a denial of service.\n(CVE-2007-6239)\n\nUsers of squid are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-December/000452.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-December/000454.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-December/000455.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected squid package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:squid\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"squid-2.5.STABLE3-8.3E\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"squid-2.5.STABLE3-8.3E\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"squid-2.5.STABLE14-1.4E.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"squid-2.5.STABLE14-1.4E.el4_6.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"squid-2.6.STABLE6-5.el5_1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"squid\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 2.6.STABLE17 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor Specific Solution URL: \thttp://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch\n[Vendor Specific Advisory URL](http://www.squid-cache.org/Advisories/SQUID-2007_2.txt)\nSecurity Tracker: 1019036\n[Secunia Advisory ID:27910](https://secuniaresearch.flexerasoftware.com/advisories/27910/)\n[Secunia Advisory ID:28381](https://secuniaresearch.flexerasoftware.com/advisories/28381/)\n[Secunia Advisory ID:28350](https://secuniaresearch.flexerasoftware.com/advisories/28350/)\n[Secunia Advisory ID:28091](https://secuniaresearch.flexerasoftware.com/advisories/28091/)\n[Secunia Advisory ID:28109](https://secuniaresearch.flexerasoftware.com/advisories/28109/)\n[Secunia Advisory ID:28403](https://secuniaresearch.flexerasoftware.com/advisories/28403/)\nRedHat RHSA: RHSA-2007:1130\nOther Advisory URL: \thttps://bugzilla.redhat.com/show_bug.cgi?id=410181\nOther Advisory URL: http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:002\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200801-05.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-565-1\nFrSIRT Advisory: ADV-2007-4066\n[CVE-2007-6239](https://vulners.com/cve/CVE-2007-6239)\nCERT VU: 232881\nBugtraq ID: 26687\n", "modified": "2007-11-27T00:00:00", "published": "2007-11-27T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39381", "id": "OSVDB:39381", "title": "Squid Cache Update Reply Processing Remote DoS ", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "description": "Invalid cash update reply processing.", "modified": "2007-12-12T00:00:00", "published": "2007-12-12T00:00:00", "id": "SECURITYVULNS:VULN:8419", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8419", "title": "squid proxy server DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:25", "bulletinFamily": "software", "description": "=========================================================== \r\nUbuntu Security Notice USN-601-1 April 14, 2008\r\nsquid vulnerability\r\nCVE-2008-1612\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 6.10\r\nUbuntu 7.04\r\nUbuntu 7.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n squid 2.5.12-4ubuntu2.4\r\n\r\nUbuntu 6.10:\r\n squid 2.6.1-3ubuntu1.7\r\n\r\nUbuntu 7.04:\r\n squid 2.6.5-4ubuntu2.2\r\n\r\nUbuntu 7.10:\r\n squid 2.6.14-1ubuntu2.2\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that Squid did not perform proper bounds checking when\r\nprocessing cache update replies. A remote authenticated user may be able\r\nto trigger an assertion error and cause a denial of service. This\r\nvulnerability is due to an incorrect fix for CVE-2007-6239.\r\n&#40;CVE-2008-1612&#41;\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.4.diff.gz\r\n Size/MD5: 247667 05b709ab6c6ced664fca3eb8c8534e20\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.4.dsc\r\n Size/MD5: 666 7da288841f7d6c6f8c662a389ecc334e\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12.orig.tar.gz\r\n Size/MD5: 1407261 1fc92afd1e858a51a2ebeba28cb76656\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.12-4ubuntu2.4_all.deb\r\n Size/MD5: 203332 269c6ad6ebe5541d0b8880dfa305d56c\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.4_amd64.deb\r\n Size/MD5: 844138 8281589e7f42bb8aabd0a72f5bc2878d\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.12-4ubuntu2.4_amd64.deb\r\n Size/MD5: 106032 d631e04e0b10217ca8fd38a52a67d89a\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.12-4ubuntu2.4_amd64.deb\r\n Size/MD5: 79522 e81158cf4b36e69daacd77c58ce8faab\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.4_i386.deb\r\n Size/MD5: 756536 c347c37b1d33310600d2cd19a5e1b81d\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.12-4ubuntu2.4_i386.deb\r\n Size/MD5: 104858 e0ca641be3aa8770de87b80c9768b7ae\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.12-4ubuntu2.4_i386.deb\r\n Size/MD5: 78366 7dc911b739fbe19027d29f8be6c783c0\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.4_powerpc.deb\r\n Size/MD5: 839094 adbe397722a3fa1ea87b99f69ae7be72\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.12-4ubuntu2.4_powerpc.deb\r\n Size/MD5: 105728 7507a0e891242e490224be0a7e295a5c\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.12-4ubuntu2.4_powerpc.deb\r\n Size/MD5: 79486 b9d7a13662462d2ea26bdee58d573861\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.12-4ubuntu2.4_sparc.deb\r\n Size/MD5: 793280 3b06b5c2728ff2147f1b947b1d028a3c\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.12-4ubuntu2.4_sparc.deb\r\n Size/MD5: 105222 00abda35533fc22f7737856aa6f2172a\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.12-4ubuntu2.4_sparc.deb\r\n Size/MD5: 79440 6a8bb2ec68388f78fee19e5a2dd4ebdf\r\n\r\nUpdated packages for Ubuntu 6.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.7.diff.gz\r\n Size/MD5: 254763 e252c8c8e082a2ef7065ff3f8f3ff36f\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.7.dsc\r\n Size/MD5: 675 d2c24e9244d97f58302a21546a25c05d\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1.orig.tar.gz\r\n Size/MD5: 1593236 5035d9cc90e8033e4eac232ce19a665f\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.6.1-3ubuntu1.7_all.deb\r\n Size/MD5: 416084 f350b81af9e81420b2350355bebd67b5\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.7_amd64.deb\r\n Size/MD5: 678474 6ff5a19ddaf92102684ffd6fbe9caa36\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.7_amd64.deb\r\n Size/MD5: 109704 fd64d9866b244bfc50c772d1b84dbe39\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.7_amd64.deb\r\n Size/MD5: 82224 29594209f52225b09efc32165ebd467c\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.7_i386.deb\r\n Size/MD5: 609784 207b76849162076880cf7df035c95ccf\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.7_i386.deb\r\n Size/MD5: 108892 b187fe59f11f43ba6eb1902c8b2194ed\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.7_i386.deb\r\n Size/MD5: 81472 c9716d90bc7e66c036886e3c75b446c5\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.7_powerpc.deb\r\n Size/MD5: 683660 ae0e97423560b371aed4e7e9f7734f6f\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.7_powerpc.deb\r\n Size/MD5: 109538 80025cfae7d7863ba238f108777fb1b2\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.7_powerpc.deb\r\n Size/MD5: 82158 cafc6835a4ae8200ae9d3aa7b2b6e0d9\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.1-3ubuntu1.7_sparc.deb\r\n Size/MD5: 636180 0db7e64eb2588415504105f4fa475365\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.1-3ubuntu1.7_sparc.deb\r\n Size/MD5: 109162 44abc1d0e94368383e8261d6d313637e\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.1-3ubuntu1.7_sparc.deb\r\n Size/MD5: 82522 b4c666024a9747ed8535c47b184512ce\r\n\r\nUpdated packages for Ubuntu 7.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5-4ubuntu2.2.diff.gz\r\n Size/MD5: 272337 f6744cf3f7ae32628290b9bd68ba813e\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5-4ubuntu2.2.dsc\r\n Size/MD5: 761 736b606ac1afec4657c8516a125595ad\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5.orig.tar.gz\r\n Size/MD5: 1636886 26cc918028340dc8ceb9c0c4b988d717\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.6.5-4ubuntu2.2_all.deb\r\n Size/MD5: 437594 aeeba77731882cd06e97134d4e371b37\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5-4ubuntu2.2_amd64.deb\r\n Size/MD5: 712118 a29a8669bac579cf09684f8a12364566\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.5-4ubuntu2.2_amd64.deb\r\n Size/MD5: 116484 047a2c8738e284bb32aae31023067546\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.5-4ubuntu2.2_amd64.deb\r\n Size/MD5: 86868 12a12ea3ed545db8ed233c6ad33540df\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5-4ubuntu2.2_i386.deb\r\n Size/MD5: 640774 519724b3e19e271dac2ae8ad67b4e58a\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.5-4ubuntu2.2_i386.deb\r\n Size/MD5: 115722 f6237a5cd5975ac7fefe1a06b7eff7c7\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.5-4ubuntu2.2_i386.deb\r\n Size/MD5: 86098 4389e8dc194f6a51db84e9a66e9d41a8\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5-4ubuntu2.2_powerpc.deb\r\n Size/MD5: 728496 7be7c056bb9aa0193939290f7e75ce12\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.5-4ubuntu2.2_powerpc.deb\r\n Size/MD5: 117040 09b95d8fa9396fa2e0fc5674cd503d2b\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.5-4ubuntu2.2_powerpc.deb\r\n Size/MD5: 87488 9ea28189672205a5b92d8112bc1d5abc\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.5-4ubuntu2.2_sparc.deb\r\n Size/MD5: 674020 33b1d5e27e08fd1f8b127d9c01b842ca\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.5-4ubuntu2.2_sparc.deb\r\n Size/MD5: 116282 289c107a2dfb603f030964105a112f21\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.5-4ubuntu2.2_sparc.deb\r\n Size/MD5: 87454 4cb551b49cb85d08c9d6b9803609dcb7\r\n\r\nUpdated packages for Ubuntu 7.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14-1ubuntu2.2.diff.gz\r\n Size/MD5: 301024 490e4025cd800e69eeb15f43ffe0fbae\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14-1ubuntu2.2.dsc\r\n Size/MD5: 764 badd1f8b8cc0c40a8e7db4e5710b0d72\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14.orig.tar.gz\r\n Size/MD5: 1694713 25a0e4d4b9e673b24c29901bbfbcdb5c\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.6.14-1ubuntu2.2_all.deb\r\n Size/MD5: 474092 f47722cbc00c6491494570ce4831bf02\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14-1ubuntu2.2_amd64.deb\r\n Size/MD5: 715456 df3ce48f7a04eaa62ae2b5ee7f47faa6\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.14-1ubuntu2.2_amd64.deb\r\n Size/MD5: 111758 49f1243ec4ee3c8667e95ff693dc8157\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.14-1ubuntu2.2_amd64.deb\r\n Size/MD5: 91990 7d0c2b0050f13f82cb6fac205ad1b02b\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14-1ubuntu2.2_i386.deb\r\n Size/MD5: 642572 a8b62680d53fb8fb1a89def6ab235624\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.14-1ubuntu2.2_i386.deb\r\n Size/MD5: 110902 95debb69cfae20349ad47e86d8e72f28\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.14-1ubuntu2.2_i386.deb\r\n Size/MD5: 91178 fe55bbb3019ea9d56237f0a0d3ad5802\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14-1ubuntu2.2_powerpc.deb\r\n Size/MD5: 728072 3bdfbec516b9a6d4f2038a97537952dd\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.14-1ubuntu2.2_powerpc.deb\r\n Size/MD5: 112406 762f797a0ecb887188dd9b22d923da0b\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.14-1ubuntu2.2_powerpc.deb\r\n Size/MD5: 92538 1aeee23bfed61a3d206b6e3825db74fb\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.6.14-1ubuntu2.2_sparc.deb\r\n Size/MD5: 675466 c536f56f80a177a1cc546b813fbe95fd\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.6.14-1ubuntu2.2_sparc.deb\r\n Size/MD5: 111600 57f390b1637d8457e5675fbe0acea928\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.6.14-1ubuntu2.2_sparc.deb\r\n Size/MD5: 92548 49e901c305196336ab6021838a9ec0fd\r\n\r\n", "modified": "2008-04-15T00:00:00", "published": "2008-04-15T00:00:00", "id": "SECURITYVULNS:DOC:19644", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19644", "title": "[USN-601-1] Squid vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:38", "bulletinFamily": "unix", "description": "It was discovered that Squid did not always clean up cache memory correctly. A remote attacker could manipulate cache update replies and cause Squid to use all available memory, leading to a denial of service.", "modified": "2008-01-09T00:00:00", "published": "2008-01-09T00:00:00", "id": "USN-565-1", "href": "https://usn.ubuntu.com/565-1/", "title": "Squid vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:23:17", "bulletinFamily": "unix", "description": "It was discovered that Squid did not perform proper bounds checking when processing cache update replies. A remote authenticated user may be able to trigger an assertion error and cause a denial of service. This vulnerability is due to an incorrect upstream fix for CVE-2007-6239. (CVE-2008-1612)", "modified": "2008-04-14T00:00:00", "published": "2008-04-14T00:00:00", "id": "USN-601-1", "href": "https://usn.ubuntu.com/601-1/", "title": "Squid vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:30", "bulletinFamily": "unix", "description": "\nSquid secuirty advisory reports:\n\nDue to incorrect bounds checking Squid is vulnerable\n\t to a denial of service check during some cache update\n\t reply processing.\nThis problem allows any client trusted to use the\n\t service to perform a denial of service attack on the\n\t Squid service.\n\n", "modified": "2007-12-07T00:00:00", "published": "2007-11-28T00:00:00", "id": "6EB580D7-A29C-11DC-8919-001C2514716C", "href": "https://vuxml.freebsd.org/freebsd/6eb580d7-a29c-11dc-8919-001c2514716c.html", "title": "Squid -- Denial of Service Vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cert": [{"lastseen": "2019-05-29T20:43:10", "bulletinFamily": "info", "description": "### Overview \n\nThe Squid Proxy server contains a vulnerability that may allow an attacker to create a denial-of-service condition that affects the Squid server and systems that rely on it.\n\n### Description \n\nSquid Proxy Cache is a caching proxy that supports the HTTP, HTTPS, and FTP protocols. Squid can also be deployed as a [reverse proxy](<http://wiki.squid-cache.org/SquidFaq/ReverseProxy>).\n\nFrom Squid Proxy Cache Security Update Advisory [SQUID-2007:2](<http://www.squid-cache.org/Advisories/SQUID-2007_2.txt>) \n_Due to incorrect bounds checking Squid is vulnerable to a denial of service check during some cache update reply processing._ \nThis incorrect bounds checking occurs within the `httpHeaderUpdate()` function when processing cache update replies. \n \n--- \n \n### Impact \n\nAn attacker who can access the Squid proxy may be able to cause the proxy server to crash. If the Squid proxy is deployed as a reverse proxy, the web servers relying on the proxy may also be affected. \n \n--- \n \n### Solution \n\n**Update** \nThe Squid team has released [patches](<http://www.squid-cache.org/Advisories/SQUID-2007_2.txt>) 11780 and 11211 to address this issue. Administrators who obtain Squid from their operating system vendor should see the systems affected portion of this document for a partial list of affected vendors. \n \n--- \n \n \n**Restrict access** \n \nRestricting access to the Squid proxy via [access control lists](<http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-c87419712cac704d01cecc7da11cd02f489b6986>) or firewall rules may prevent this vulnerability from being exploited by remote attackers.. \n \n--- \n \n### Vendor Information\n\n232881\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ __ IPCop\n\nNotified: December 10, 2007 Updated: December 11, 2007 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nIn order to address this issue the IPCop team released version 1.4.18 on the 2nd of December. All users of IPCop should upgrade to version 1.4.18.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee [http://ipcop.cvs.sourceforge.net/ipcop/ipcop/lfs/squid?view=log&amp;pathrev=IPCOP_v1_4_0](<http://ipcop.cvs.sourceforge.net/ipcop/ipcop/lfs/squid?view=log&pathrev=IPCOP_v1_4_0>) for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23232881 Feedback>).\n\n### __ __ Red Hat, Inc.\n\nNotified: December 10, 2007 Updated: December 11, 2007 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nThis issue affects the Squid package as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. The Red Hat Security Response Team has rated this issue as having moderate security impact. We are currently working on producing errata packages, when complete these will be available along with our advisory at the URL below.\n\n<http://rhn.redhat.com/cve/CVE-2007-6239.html>\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ __ SUSE Linux\n\nNotified: December 10, 2007 Updated: January 18, 2008 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nSUSE is affected by this problem, and we have released updated squid packages to fix it.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://www.novell.com/linux/security/advisories/suse_security_announce_62.html> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23232881 Feedback>).\n\n### __ Squid\n\nUpdated: December 10, 2007 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://www.squid-cache.org/Advisories/SQUID-2007_2.txt> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23232881 Feedback>).\n\n### __ Apple Computer, Inc.\n\nNotified: December 10, 2007 Updated: December 11, 2007 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Microsoft Corporation\n\nNotified: December 10, 2007 Updated: December 11, 2007 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ NetBSD\n\nNotified: December 10, 2007 Updated: December 11, 2007 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ __ Openwall GNU/*/Linux\n\nNotified: December 10, 2007 Updated: December 11, 2007 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nOpenwall GNU/*/Linux is not affected. We do not currently package Squid.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Slackware Linux Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Conectiva Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Cray Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Debian GNU/Linux\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ EMC Corporation\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Engarde Secure Linux\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ F5 Networks, Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Fedora Project\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ FreeBSD, Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Fujitsu\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Gentoo Linux\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Hewlett-Packard Company\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Hitachi\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ IBM Corporation\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ IBM Corporation (zseries)\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ IBM eServer\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Ingrian Networks, Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Juniper Networks, Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Mandriva, Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ MontaVista Software, Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ NEC Corporation\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Nokia\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Novell, Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ OpenBSD\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ QNX, Software Systems, Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Silicon Graphics, Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ SmoothWall\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Sony Corporation\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Sun Microsystems, Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ The SCO Group\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Trustix Secure Linux\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Turbolinux\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Ubuntu\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Unisys\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Wind River Systems, Inc.\n\nNotified: December 10, 2007 Updated: December 10, 2007 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\nView all 43 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://www.squid-cache.org/Advisories/SQUID-2007_2.txt>\n * <http://wiki.squid-cache.org/SquidFaq/ReverseProxy>\n * <http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-c87419712cac704d01cecc7da11cd02f489b6986>\n * <http://secunia.com/advisories/27910/>\n\n### Acknowledgements\n\nThe Squid proxy team credits the Wikimedia Foundation for discovering this vulnerability. Adrian Chadd and Henrik Nordstrom are credited for authoring patches that address the issue. \n\nThis document was written by Ryan Giobbi. \n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-6239](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6239>) \n---|--- \n**Severity Metric:****** | 7.51 \n**Date Public:** | 2007-11-27 \n**Date First Published:** | 2007-12-10 \n**Date Last Updated: ** | 2008-01-18 16:35 UTC \n**Document Revision: ** | 12 \n", "modified": "2008-01-18T16:35:00", "published": "2007-12-10T00:00:00", "id": "VU:232881", "href": "https://www.kb.cert.org/vuls/id/232881", "type": "cert", "title": "Squid remote denial-of-service vulnerability", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:33:47", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:1130\n\n\nSquid is a high-performance proxy caching server for Web clients,\r\nsupporting FTP, gopher, and HTTP data objects.\r\n\r\nA flaw was found in the way squid stored HTTP headers for cached objects\r\nin system memory. An attacker could cause squid to use additional memory,\r\nand trigger high CPU usage when processing requests for certain cached\r\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\r\n\r\nUsers of squid are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014514.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014515.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014516.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014517.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014518.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014521.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014522.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014523.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014539.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014540.html\n\n**Affected packages:**\nsquid\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1130.html", "modified": "2007-12-21T00:10:19", "published": "2007-12-18T18:09:00", "href": "http://lists.centos.org/pipermail/centos-announce/2007-December/014514.html", "id": "CESA-2007:1130", "title": "squid security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:40", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:1130-04\n\n\nSquid is a high-performance proxy caching server for Web clients,\r\nsupporting FTP, gopher, and HTTP data objects.\r\n\r\nA flaw was found in the way squid stored HTTP headers for cached objects\r\nin system memory. An attacker could cause squid to use additional memory,\r\nand trigger high CPU usage when processing requests for certain cached\r\nobjects, possibly leading to a denial of service. (CVE-2007-6239)\r\n\r\nUsers of squid are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014581.html\n\n**Affected packages:**\nsquid\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2008-01-13T02:19:55", "published": "2008-01-13T02:19:55", "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/014581.html", "id": "CESA-2007:1130-04", "title": "squid security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:59", "bulletinFamily": "unix", "description": " [2.5.STABLE3-8.3E]\n - fix for #410181 - CVE-2007-6239 Squid DoS in cache updates\n \n [2.5.STABLE3-7]\n - resolves: #238103: 'forwarded_for off' in squid.conf does not work. ", "modified": "2007-12-18T00:00:00", "published": "2007-12-18T00:00:00", "id": "ELSA-2007-1130", "href": "http://linux.oracle.com/errata/ELSA-2007-1130.html", "title": "Moderate: squid security update ", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:35", "bulletinFamily": "unix", "description": "[2.6.STABLE6-5.el5_1.3]\n- fix for #439801 - regression introduced in fix for CVE-2007-6239\n- Resolves: #439992", "modified": "2008-04-09T00:00:00", "published": "2008-04-09T00:00:00", "id": "ELSA-2008-0214", "href": "http://linux.oracle.com/errata/ELSA-2008-0214.html", "title": "squid security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:56", "bulletinFamily": "unix", "description": "### Background\n\nSquid is a multi-protocol proxy server. \n\n### Description\n\nThe Wikimedia Foundation reported a memory leak vulnerability when performing cache updates. \n\n### Impact\n\nA remote attacker could perform numerous specially crafted requests to the vulnerable server, resulting in a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Squid users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-proxy/squid-2.6.17\"", "modified": "2008-01-09T00:00:00", "published": "2008-01-09T00:00:00", "id": "GLSA-200801-05", "href": "https://security.gentoo.org/glsa/200801-05", "type": "gentoo", "title": "Squid: Denial of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:33", "bulletinFamily": "unix", "description": "### Background\n\nSquid is a full-featured web proxy cache. \n\n### Description\n\n * The arrayShrink function in lib/Array.c can cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239 (CVE-2008-1612).\n * An invalid version number in a HTTP request may trigger an assertion in HttpMsg.c and HttpStatusLine.c (CVE-2009-0478).\n\n### Impact\n\nThe issues allows for Denial of Service attacks against the service via an HTTP request with an invalid version number and other specially crafted requests. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Squid users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-proxy/squid-2.7.6\"", "modified": "2009-03-24T00:00:00", "published": "2009-03-24T00:00:00", "id": "GLSA-200903-38", "href": "https://security.gentoo.org/glsa/200903-38", "type": "gentoo", "title": "Squid: Multiple Denial of Service vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T21:43:33", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 28693\r\nCVE(CAN) ID: CVE-2008-1612\r\n\r\nSquid\u662f\u4e00\u4e2a\u9ad8\u6548\u7684Web\u7f13\u5b58\u53ca\u4ee3\u7406\u7a0b\u5e8f\uff0c\u6700\u521d\u662f\u4e3aUnix\u5e73\u53f0\u5f00\u53d1\u7684\uff0c\u73b0\u5728\u4e5f\u88ab\u79fb\u690d\u5230Linux\u548c\u5927\u591a\u6570\u7684Unix\u7c7b\u7cfb\u7edf\u4e2d\uff0c\u6700\u65b0\u7684Squid\u53ef\u4ee5\u8fd0\u884c\u5728Windows\u5e73\u53f0\u4e0b\u3002\r\n\r\nSquid\u7684arrayShrink()\u51fd\u6570\u64cd\u63a7\u7cfb\u7edf\u5185\u5b58\u4e2d\u6240\u50a8\u5b58\u7684\u7f13\u5b58\u5bf9\u8c61\u7684HTTP\u5934\u7684\u65b9\u5f0f\u5b58\u5728\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u5bfc\u81f4squid\u5b50\u8fdb\u7a0b\u9000\u51fa\uff0c\u8fd9\u4f1a\u4e2d\u65ad\u5df2\u6709\u8fde\u63a5\uff0c\u5bfc\u81f4\u4ee3\u7406\u670d\u52a1\u4e0d\u53ef\u4ee5\u3002\r\n\r\nSquid\u7236\u8fdb\u7a0b\u4f1a\u542f\u52a8\u4e00\u4e2a\u65b0\u7684\u5b50\u8fdb\u7a0b\uff0c\u56e0\u6b64\u8fd9\u79cd\u653b\u51fb\u4ec5\u4f1a\u5bfc\u81f4\u4e34\u65f6\u7684\u62d2\u7edd\u670d\u52a1\u3002\u8fd9\u4e2a\u6f0f\u6d1e\u662f\u7531\u4e8e\u6ca1\u6709\u6b63\u786e\u5730\u4fee\u590dCVE-2007-6239\u4e2d\u6240\u8ff0\u6f0f\u6d1e\u800c\u5bfc\u81f4\u7684\u3002\r\n\n\nSquid Web Proxy Cache 3 beta\r\nSquid Web Proxy Cache 2.0 - 2.6.STABLE17\n RedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0214-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0214-01\uff1aModerate: squid security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0214.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0214.html</a>\r\n\r\nSquid\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch target=_blank>http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch</a>\r\n<a href=http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE19.tar.gz target=_blank>http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE19.tar.gz</a>", "modified": "2008-04-17T00:00:00", "published": "2008-04-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3184", "id": "SSV:3184", "type": "seebug", "title": "Squid Web\u4ee3\u7406\u7f13\u5b58arrayShrink()\u51fd\u6570\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}