Lucene search
RootSSV:19188HistoryFeb 26, 2010 - 12:00 a.m.
Squid Web代理缓存HTCP请求远程拒绝服务漏洞
2010-02-2600:00:00
Root
www.seebug.org
13
0.943 High
EPSS
Percentile
99.2%
BUGTRAQ ID: 38212
CVE ID: CVE-2010-0639
Squid是一个高效的Web缓存及代理程序,最初是为Unix平台开发的,现在也被移植到Linux和大多数的Unix类系统中,最新的Squid可以运行在Windows平台下。
远程攻击者可以通过向Squid的HTCP端口发送畸形报文触发空指针引用,导致Squid崩溃。
Squid Web Proxy Cache 3.0
Squid Web Proxy Cache 2.x
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
对于Squid-2.x
- 明确配置htcp_port 0
对于Squid-3.0
- 升级到3.0版本后删除squid.conf中所有非必需的htcp_port设置
厂商补丁:
Squid
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch
Ubuntu
Ubuntu已经为此发布了一个安全公告(USN-904-1)以及相应补丁:
USN-904-1:Squid vulnerability
链接:http://www.ubuntu.com/usn/USN-904-1
Related
cve
cve
CVE-2010-0639
2010-02-15 18:30:00
freebsd
freebsd
squid -- Denial of Service vulnerability in HTCP
2010-02-12 00:00:00
nessus
nessus
openSUSE Security Update : squid (openSUSE-SU-2012:0102-1)
2014-06-13 00:00:00
Fedora 12 : squid-3.1.0.16-6.fc12 (2010-3064)
2010-07-01 00:00:00
Squid < 3.0.STABLE24 / 2.7.STABLE8 / 2.6.STABLE24
2010-04-21 00:00:00
openvas
openvas
Mandriva Update for squid MDVSA-2010:060 (squid)
2010-03-12 00:00:00
FreeBSD Ports: squid
2010-02-18 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: squid-3.1.8-1.fc12
2010-09-15 22:34:52
[SECURITY] Fedora 12 Update: squid-3.1.0.16-6.fc12
2010-02-27 03:42:08
cvelist
cvelist
CVE-2010-0639
2010-02-15 18:00:00
nvd
nvd
CVE-2010-0639
2010-02-15 18:30:00
ubuntu
ubuntu
Squid vulnerability
2010-02-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Squid Proxy HTCP Packet Processing Denial of Service (CVE-2010-0639)
2010-05-12 00:00:00
debiancve
debiancve
CVE-2010-0639
2010-02-15 18:30:00
securityvulns
securityvulns
squid proxy server DoS
2010-02-25 00:00:00
ubuntucve
ubuntucve
CVE-2010-0639
2010-02-15 00:00:00
prion
prion
Null pointer dereference
2010-02-15 18:30:00
gentoo
gentoo
Squid: Multiple vulnerabilities
2011-10-26 00:00:00