Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

squid proxy server DoS
Published: 04.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10589
Type: remote
Level: 6/10
Description: Crash on authentication, crash on DNS reply parsing.

Affected: SQUID : Squid 2.6
SQUID : squid 3.0
SQUID : Squid 2.7
CVE: CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.)
CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.)

Original document DEBIAN, [SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service (04.02.2010)

Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)

test server