Metric | Value |
---|---|
CVSS2 score | 6.8 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.951 High |
EPSS percentile | 99.1% |

Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

A buffer overflow flaw was found in the way Squid parsed replies from
remote Gopher servers. A remote user allowed to send Gopher requests to a
Squid proxy could possibly use this flaw to cause the squid child process
to crash or execute arbitrary code with the privileges of the squid user,
by making Squid perform a request to an attacker-controlled Gopher server.
(CVE-2011-3205)

Users of squid should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing this update, the
squid service will be restarted automatically.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | squid | < 3.1.10-1.el6_1.1 | squid-3.1.10-1.el6_1.1.src.rpm |
RedHat | 6 | ppc64 | squid | < 3.1.10-1.el6_1.1 | squid-3.1.10-1.el6_1.1.ppc64.rpm |
RedHat | 6 | x86_64 | squid-debuginfo | < 3.1.10-1.el6_1.1 | squid-debuginfo-3.1.10-1.el6_1.1.x86_64.rpm |
RedHat | 6 | i686 | squid-debuginfo | < 3.1.10-1.el6_1.1 | squid-debuginfo-3.1.10-1.el6_1.1.i686.rpm |
RedHat | 6 | s390x | squid-debuginfo | < 3.1.10-1.el6_1.1 | squid-debuginfo-3.1.10-1.el6_1.1.s390x.rpm |
RedHat | 6 | x86_64 | squid | < 3.1.10-1.el6_1.1 | squid-3.1.10-1.el6_1.1.x86_64.rpm |
RedHat | 6 | i686 | squid | < 3.1.10-1.el6_1.1 | squid-3.1.10-1.el6_1.1.i686.rpm |
RedHat | 6 | ppc64 | squid-debuginfo | < 3.1.10-1.el6_1.1 | squid-debuginfo-3.1.10-1.el6_1.1.ppc64.rpm |
RedHat | 6 | s390x | squid | < 3.1.10-1.el6_1.1 | squid-3.1.10-1.el6_1.1.s390x.rpm |
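
To check a host against the fixed build in the table above, this added example (not part of the advisory or of any Red Hat tooling) compares an installed squid version-release with 3.1.10-1.el6_1.1 using RPM's segment-wise ordering. The function names are hypothetical and the sample inputs are constructed; epochs and the `~`/`^` modifiers are not handled, so pass only `%{VERSION}-%{RELEASE}`.

```python
import re

# Fixed build taken from the advisory table (the table lists no epoch).
FIXED_VR = "3.1.10-1.el6_1.1"

_SEGMENTS = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Order two version (or release) strings segment by segment, as RPM does.

    Returns -1, 0 or 1. Separators are ignored; '~' and '^' are not supported.
    """
    sa, sb = _SEGMENTS.findall(a), _SEGMENTS.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1      # numeric segment beats alphabetic
        if x_num:
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):           # more digits means a larger number
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1  # leftover segments mean newer


def is_affected(installed_vr, fixed_vr=FIXED_VR):
    """True if installed 'version-release' sorts before the fixed build."""
    iv, _, ir = installed_vr.partition("-")
    fv, _, fr = fixed_vr.partition("-")
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) < 0


if __name__ == "__main__":
    # Constructed sample values, e.g. from: rpm -q --qf '%{VERSION}-%{RELEASE}\n' squid
    for vr in ("3.1.4-1.el6", "3.1.10-1.el6", "3.1.10-1.el6_1.1", "3.1.10-1.el6_1.2"):
        print(vr, "AFFECTED" if is_affected(vr) else "ok")
```

A plain string comparison would rank `3.1.4` above `3.1.10`; the segment-wise comparison is what makes the `<` in the table meaningful.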