CVE-2008-1612

Related Files

Gentoo Linux Security Advisory 200903-38

Posted Mar 25, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-38 - Multiple vulnerabilities have been found in Squid which allow for remote Denial of Service attacks. The arrayShrink function in lib/Array.c can cause an array to shrink to 0 entries, which triggers an assert error. Versions less than 2.7.6 are affected.

tags | advisory, remote, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2007-6239, CVE-2008-1612, CVE-2009-0478

SHA-256 | 8e7a23103f5c174d2c66e43c603c3eae5f718455c874e000d29ca014a51a857e

Download | Favorite | View

Debian Linux Security Advisory 1646-2

Posted Oct 11, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1646-2 - In DSA 1646-1, an update was announced for a denial of service vulnerability in squid, a caching proxy server. Due to an error in packaging and in testing, the updated packages did not correct the weakness. An updated release is available which corrects the error. A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a denial of service condition against squid.

tags | advisory, denial of service

systems | linux, debian

advisories | CVE-2008-1612

SHA-256 | c86b7cac5874a3f1851233619e56e4f46d095a57079707a883b872a5b19e88c9

Download | Favorite | View

Debian Linux Security Advisory 1646-1

Posted Oct 7, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1646-1 - A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a denial of service condition against squid.

tags | advisory, denial of service

systems | linux, debian

advisories | CVE-2008-1612

SHA-256 | 08b62230ab38873cf91fbda4034f7ddc8d7c795e7f82a778ff3bf5270a2f1fc7

Download | Favorite | View

Mandriva Linux Security Advisory 2008-134

Posted Jul 10, 2008

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An incorrect fix for CVE-2007-6239 resulted in Squid not performing proper bounds checking when processing cache update replies. Because of this, a remote authenticated user might have been able to trigger an assertion error and cause a denial of service. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service

systems | linux, mandriva

advisories | CVE-2008-1612

SHA-256 | d0d3c8b5ed8a1da403fb42d6a0ee7b6726a9aaa5ff7a50b893de74b1a75cc8ee

Download | Favorite | View

Ubuntu Security Notice 601-1

Posted Apr 14, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 601-1 - It was discovered that Squid did not perform proper bounds checking when processing cache update replies. A remote authenticated user may be able to trigger an assertion error and cause a denial of service. This vulnerability is due to an incorrect fix for CVE-2007-6239.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2007-6239, CVE-2008-1612

SHA-256 | 0c0ababe57cbd5b653e96a773f52efe8a94122769b245b42563aee9373fad61c

Download | Favorite | View