Gentoo Linux Security Advisory 201607-1 - Multiple vulnerabilities have been found in Squid, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 3.5.19 are affected.
f3ed5792a89c6aee3d29169c951a32dfbcc2492998847681a69bf92922eb71d4Ubuntu Security Notice 2921-1 - Sebastian Krahmer discovered that Squid incorrectly handled certain SNMP requests. If SNMP is enabled, a remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Alex Rousskov discovered that Squid incorrectly handled certain malformed responses. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.
f84a712b7c12a4726bf1d75a8afc8c6d4f1498171252c77c3fa8930e91956d57Mandriva Linux Security Advisory 2015-103 - Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled. Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service. Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer. Due to incorrect bounds checking Squid pinger binary is vulnerable to denial of service or information leak attack when processing larger than normal ICMP or ICMPv6 packets. Due to incorrect input validation Squid pinger binary is vulnerable to denial of service or information leak attacks when processing ICMP or ICMPv6 packets.
b3a7102719ad1db82c04532795f87002757f84b9b74f8c08a14cd808e53dcbcc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed