Posted: Thu Jan 25, 2007 5:26 pm Post subject: [ GLSA 200701-22 ] Squid: Multiple Denial of Service vulnera
Gentoo Linux Security Advisory
Title: Squid: Multiple Denial of Service vulnerabilities (GLSA 200701-22)
Severity: normal
Exploitable: remote
Date: January 25, 2007
Bug(s): #162364
ID: 200701-22
Synopsis
Two vulnerabilities have been found in Squid which make it susceptible to
Denial of Service attacks.
Background
Squid is a multi-protocol proxy server.
Affected Packages
Package: net-proxy/squid
Vulnerable: < 2.6.7
Unaffected: >= 2.6.7
Architectures: All supported architectures
Description
Squid fails to correctly handle ftp:// URIs. There is also an error in
the external_acl queue which can cause an infinite looping condition.
Impact
An attacker could attempt to retrieve a specially crafted URI via a
Squid server causing the service to crash. If an attacker could
generate a sufficiently high load on the Squid services, they could
cause a Denial of Service by forcing Squid into an infinite loop.
Workaround
There is no known workaround at this time.
Resolution
All Squid users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/squid-2.6.7"
References
CVE-2007-0247
CVE-2007-0248
Last edited by GLSA on Thu May 30, 2013 4:23 am; edited 2 times in total
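To confirm after the upgrade that a host is outside the affected range, the following added example (not part of the advisory or of Gentoo's tooling) classifies a net-proxy/squid package atom against the "< 2.6.7" / ">= 2.6.7" boundary given above. The function names are hypothetical, and it assumes GNU sort with -V; the usage comment additionally assumes qlist from app-portage/portage-utils is installed.

```shell
#!/bin/sh
# Added example: classify a net-proxy/squid atom against GLSA 200701-22
# (vulnerable: < 2.6.7, unaffected: >= 2.6.7).
# Assumption: GNU sort with -V (version sort) is available.

FIXED_VERSION="2.6.7"

# squid_atom_version ATOM
# Prints the version part of an atom, e.g. "net-proxy/squid-2.6.6-r1" -> "2.6.6".
# Returns 1 if ATOM is not a versioned squid atom.
squid_atom_version() {
    atom=${1#net-proxy/}            # drop the category if present
    case "$atom" in
        squid-[0-9]*) ;;
        *) return 1 ;;
    esac
    ver=${atom#squid-}
    # Drop a Gentoo revision suffix (-rN); a revision never lowers the version,
    # so it cannot move a package across the 2.6.7 boundary.
    printf '%s\n' "$ver" | sed 's/-r[0-9][0-9]*$//'
}

# squid_glsa_status ATOM
# Prints "vulnerable", "unaffected" or "unknown".
squid_glsa_status() {
    ver=$(squid_atom_version "$1") || { echo unknown; return; }
    # Only plain dotted-numeric versions are compared. Suffixes such as _rc1
    # or _p2 follow Portage ordering rules that sort -V does not implement,
    # so they are reported as "unknown" for manual review.
    case "$ver" in
        ''|*[!0-9.]*) echo unknown; return ;;
    esac
    # Version sort, not string sort: 2.6.12 must rank above 2.6.7.
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED_VERSION" ]; then
        echo unaffected             # ver >= 2.6.7
    else
        echo vulnerable             # ver < 2.6.7
    fi
}

# Usage on a Gentoo host (assumes qlist is installed):
#   for a in $(qlist -Iv net-proxy/squid); do
#       echo "$a: $(squid_glsa_status "$a")"
#   done
```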