CVSS2: 6.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Squid is vulnerable to denial of service (DoS). A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server.

CPE

Name | Operator | Version |
---|---|---|
squid | eq | 3.1.4__1.el6 |
squid | eq | 3.1.4__1.el6 |

lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html
lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html
lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html
lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
openwall.com/lists/oss-security/2011/08/29/2
openwall.com/lists/oss-security/2011/08/30/4
openwall.com/lists/oss-security/2011/08/30/8
secunia.com/advisories/45805
secunia.com/advisories/45906
secunia.com/advisories/45920
secunia.com/advisories/45965
secunia.com/advisories/46029
securitytracker.com/id?1025981
www.debian.org/security/2011/dsa-2304
www.mandriva.com/security/advisories?name=MDVSA-2011:150
www.osvdb.org/74847
www.redhat.com/support/errata/RHSA-2011-1293.html
www.securityfocus.com/bid/49356
www.squid-cache.org/Advisories/SQUID-2011_3.txt
www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch
www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch
www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch
www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch
access.redhat.com/errata/RHSA-2011:1293
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=734583