remote command execution in squid

ID SUSE-SA:2005:006
Type suse
Reporter Suse
Modified 2005-02-10T15:13:39


Squid is a feature-rich web-proxy with support for various web-related protocols. The last two squid updates from February the 1st and 10th fix several vulnerabilities. The impact of them range from remote denial-of-service over cache poisoning to possible remote command execution. Due to the hugh amount of bugs the vulnerabilities are just summarized here. CAN-2005-0094 A buffer overflow in the Gopher responses parser leads to memory corruption and usually crash squid.


There is no workaround known.