GLSA-200903-38 : Squid: Multiple Denial of Service vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200903-38 Squid: Multiple Denial of Service vulnerabilities The arrayShrink function in lib/Array.c can cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for...

Squid Web代理缓存arrayShrink()函数远程拒绝服务漏洞

BUGTRAQ ID: 28693 CVECAN ID: CVE-2008-1612 Squid是一个高效的Web缓存及代理程序，最初是为Unix平台开发的，现在也被移植到Linux和大多数的Unix类系统中，最新的Squid可以运行在Windows平台下。 Squid的arrayShrink函数操控系统内存中所储存的缓存对象的HTTP头的方式存在漏洞，攻击者可以利用这个漏洞导致squid子进程退出，这会中断已有连接，导致代理服务不可以。 Squid父进程会启动一个新的子进程，因此这种攻击仅会导致临时的拒绝服务。这个漏洞是由于没有正确地修复CVE-2007-6239中所述漏洞而导致的。...

CVE-2008-1612

The arrayShrink function lib/Array.c in Squid 2.6.STABLE17 allows attackers to cause a denial of service process exit via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239...

CVE-2008-1612

The arrayShrink function lib/Array.c in Squid 2.6.STABLE17 allows attackers to cause a denial of service process exit via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239...