FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- several remote denial of service vulnerabilities

Affected packages
3.0.1 <= squid < 3.0.17
3.1.0.1 <= squid < 3.1.0.12

Details

VuXML ID e1156e90-7ad6-11de-b26a-0048543d60ce
Discovery 2009-07-27
Entry 2009-07-27
Modified 2009-08-06

Squid security advisory 2009:2 reports:

Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses.

Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses.

These problems allow any trusted client or external server to perform a denial of service attack on the Squid service.

[source]

Squid-2.x releases are not affected.

References

CVE Name CVE-2009-2621
CVE Name CVE-2009-2622
URL http://www.squid-cache.org/Advisories/SQUID-2009_2.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.