Computer Security
[EN] securityvulns.ru no-pyccku


squid proxy server DoS
Published:04.02.2010
Source:
SecurityVulns ID:10589
Type:remote
Threat Level:
6/10
Description:Crash on authentication, crash on DNS reply parsing.
Affected:SQUID : Squid 2.6
 SQUID : squid 3.0
 SQUID : Squid 2.7
CVE:CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.)
 CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1991-1] New squid/squid3 packages fix denial of service (04.02.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod