Squid versions 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 remote HTTP version parsing denial of service exploit.
c572f7e6a9191df0a632e8307cd6f92f5b07e7870cda79fd59237c2ba2255b67Secunia Security Advisory - A vulnerability has been reported in SquidClamav, which can be exploited by malicious people to cause a DoS (Denial of Service).
b26168a03d13e1c5db9809741d8c78d01f064371d233aedf2feec8bbfe47941aMySQL Squid Access Report version 2.1.4 suffers from an html injection vulnerability.
9ef08e7e97feb92f78a981eb4bf8bf5381847ef326753e6e48890bc57bb3df6eMcAfee Web Gateway and Squid Proxy version 3.1.19 suffers from a bypass vulnerability due to putting trust in Host headers. Proof of concept tool included. Squid is only vulnerable to the attacks if the filtered site is using SSL.
fd5a23a84846044a1ea5a10e1231aba1d4783081f27119ecd5de07b7485b6ad5Secunia Security Advisory - SUSE has issued an update for squid3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
d33f4a1fcee50637f7606b11719b307243da6cd7d78fe79ad0c0a478f82186bcSecunia Security Advisory - Oracle has acknowledged a vulnerability in Squid included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
203db2eb1616aeb486329537ac8b80de3d7e00518c9bc0df5d6ff4de013efed5Secunia Security Advisory - SUSE has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
6ac9e1ce6e943a6388c6e7caee2615cd92d24b4022e758a21dceb7cdbe1e8709Secunia Security Advisory - Debian has issued an update for squid3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
daa2670b24e4b27d7d1df0db59e48b94f3f5dc3b5af3a5ca736870200d4e2b67Debian Linux Security Advisory 2381-1 - It was discovered that the IPv6 support code in Squid does not properly handle certain DNS responses, resulting in deallocation of an invalid pointer and a daemon crash.
17e34658a97477a20eed60bd15f3b6425fcbe048094fb417f5bec8484204a56cMandriva Linux Security Advisory 2011-193 - The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. The updated packages have been patched to correct this issue.
7cc994dd5dc1c1d61d6b7854d62ddbed4330325a505629aa1262a3dfcded25f0Secunia Security Advisory - Red Hat has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
0f3514469357fa136804029d53860d91c7e11a5c84359f31700d4595f177b5e4Red Hat Security Advisory 2011-1791-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this flaw to cause Squid to crash. Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
9462f28ff2caece7931bb6bc345528dd2407fca7d2940e8d4d8ed21ebb083998Secunia Security Advisory - Red Hat has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
584e982c0b5f38e9e62d0c74329c086a68ba647b8226decbff885ac6a5e668acSecunia Security Advisory - Fedora has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
7fdbe45771b8bcac2300aa98558369c87e1be6e342270e7c9fed50f25d478820Secunia Security Advisory - A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).
87dcbd57f51d620e49ad945e298dfd988c4cd86f32ba4351cd79dbfe641465f4Secunia Security Advisory - Gentoo has issued an update for squid. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
5e31ee958f0f8f0b8764e563481735b5405bedd48e137ac233cb0b1e64fa33ccGentoo Linux Security Advisory 201110-24 - Multiple vulnerabilities were found in Squid allowing attackers to execute arbitrary code or cause a denial of service. Versions less than 3.1.15 are affected.
81093ea2eca3730ec409b6fd39ca3a3cb38e02d4ea76813b10e63d559aef7276Mandriva Linux Security Advisory 2011-150 - Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service or possibly have unspecified other impact via a long line in a response.
5e0f011b503708fa29fd1e15a76130866cbc07147d7f96216c38d618f2d858f4Red Hat Security Advisory 2011-1293-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to cause the squid child process to crash or execute arbitrary code with the privileges of the squid user, by making Squid perform a request to an attacker-controlled Gopher server. Users of squid should upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the squid service will be restarted automatically.
ea39bfc892a77fdbe8a6f552fe2926423db15874fcc35fa5cc0dfca4f6715324Secunia Security Advisory - Debian has issued an update for squid3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
d5a6636a521f681877f0d5a48a60659f9cb764238e3e6c2f2bcd819ba093bc6aDebian Linux Security Advisory 2304-1 - Ben Hawkes discovered that squid3, a full featured Web Proxy cache (HTTP proxy), is vulnerable to a buffer overflow when processing gopher server replies. An attacker can exploit this flaw by connecting to a gopher server that returns lines longer than 4096 bytes. This may result in denial of service conditions (daemon crash) or the possibly the execution of arbitrary code with rights of the squid daemon.
d12e9e5264cc5c0d43a122aee60efae5e71d32773d9be898243e6624918f8fa9Secunia Security Advisory - SUSE has issued an update for squid3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
ea5007697ff4d6ab1635d04c8a7504eb605eadc9bd36e8f48aeabd3cec53512bSecunia Security Advisory - Fedora has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
6b4e5ce7b3b271d9884658ae7ae21510add126025094ecef433298ed3c52b8deSecunia Security Advisory - A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
0dd702eba672a1cbcb3581e097a111a02685a91cb1a4415f6d54818de8c622bfSecunia Security Advisory - Red Hat has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
3c8882715eefed2a89dfedd6ce83ad4741f74f5f6a6f5907fe918245c4f5162fMandriva Linux Security Advisory 2010-187 - The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service via a crafted request.
62bb8c131ea11480f8be298f95725f47b12bd2ec5b1d6fd387f72eb5d0346516
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed