Posted: Thu Jan 25, 2007 5:26 pm Post subject: [ GLSA 200701-22 ] Squid: Multiple Denial of Service vulnera
Gentoo Linux Security Advisory
Title: Squid: Multiple Denial of Service vulnerabilities (GLSA 200701-22)
Date: January 25, 2007
Two vulnerabilities have been found in Squid which make it susceptible to
Denial of Service attacks.

Squid is a multi-protocol proxy server.

Vulnerable: < 2.6.7
Unaffected: >= 2.6.7
Architectures: All supported architectures

Squid fails to correctly handle ftp:// URIs. There is also an error in
the external_acl queue which can cause an infinite looping condition.

An attacker could attempt to retrieve a specially crafted URI via a
Squid server causing the service to crash. If an attacker could
generate a sufficiently high load on the Squid services, they could
cause a Denial of Service by forcing Squid into an infinite loop.

There is no known workaround at this time.

All Squid users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/squid-2.6.7"
Last edited by GLSA on Thu May 30, 2013 4:23 am; edited 2 times in total
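
To confirm a host is outside the vulnerable range given above, the following is an added example and not part of the advisory. It classifies installed net-proxy/squid versions against 2.6.7. The function names are hypothetical, the Portage package database is assumed to be at /var/db/pkg, and the sample versions in the comments are constructed.

```shell
#!/bin/sh
# Added example: audit net-proxy/squid against GLSA 200701-22.
FIXED="2.6.7"   # advisory: vulnerable < 2.6.7, unaffected >= 2.6.7

# ver_lt A B: succeed if dotted numeric version A is lower than B.
# Compared component by component as integers, so 2.6.12 > 2.6.7.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1    # equal versions are not "lower"
}

# squid_status VERSION: print vulnerable, unaffected or unknown.
# A trailing Gentoo ebuild revision (-rN) is ignored; any other suffix
# (_rc1, _p2, ...) is reported as unknown rather than guessed at.
squid_status() {
    v=${1%-r[0-9]*}
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 2 ;;
    esac
    if ver_lt "$v" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# installed_squid [PKGDB]: list squid versions recorded in the Portage
# package database (assumed at /var/db/pkg unless PKGDB is given).
installed_squid() {
    for d in "${1:-/var/db/pkg}"/net-proxy/squid-[0-9]*; do
        if [ -d "$d" ]; then echo "${d##*/squid-}"; fi
    done
    return 0
}

# Report every installed version; prints nothing if squid is absent.
for v in $(installed_squid); do
    printf 'net-proxy/squid-%s: %s\n' "$v" "$(squid_status "$v")"
done
```

A result of "unknown" means the version string needs manual review against the advisory's range.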