CVE-2010-2951
https://notcve.org/view.php?id=CVE-2010-2951
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set. dns_internal.cc en Squid 3.1.6, cuando la resolución DNS IPv6 no está habilitada, accede a un socket inválido durante una petición DNS TCP IPv4, lo que permite a atacantes remotos provocar una denegación de servicio (por falta de confirmación y salida del demonio) mediante vectores que disparan una respuesta DNS IPv4 con el bit TC configurado. • http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072 http://bugs.gentoo.org/show_bug.cgi?id=334263 http://bugs.squid-cache.org/show_bug.cgi?id=3009 http://bugs.squid-cache.org/show_bug.cgi?id=3021 http://marc.info/?l=squid-users&m=128263555724981&w=2 http://www.openwall.com/lists/oss-security/2010/08/24/6 http://www.openwall.com/lists/oss-security/2010/08/24/7 http://www.openwall.com/lists/oss-security/2010/08/25/2 http://www.o •
CVE-2010-3072 – Squid: Denial of service due internal error in string handling (SQUID-2010:3)
https://notcve.org/view.php?id=CVE-2010-3072
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. Las funciones de comparación de cadenas en String.cci en Squid v3.x anteriores a v3.1.8 y v3.2.x anteriores a v3.2.0.2 permite a atacantes remotos provocar una denegación de servicio (desreferenciación a puntero nulo y caída del demonio) a través de una petición manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/41298 http://secunia.com/advisories/41477 http://secunia.com/advisories/41534 http://www.debian.org/security/2010/dsa-2111 http://www.openwall.com/lists/oss-security/2010/09/05/2 http://www.openwall.com/lists/oss-se •
CVE-2010-0639
https://notcve.org/view.php?id=CVE-2010-0639
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port. La función htcpHandleTstRequest en el archivo htcp.c en Squid versiones 2.x anterior a 2.6.STABLE24 y versión 2.7 anterior a 2.7.STABLE8, y en el archivo htcp.cc en versión 3.0 anterior a 3.0.STABLE24, permite que los atacantes remotos causen una denegación de servicio (desreferencia de puntero NULL y bloqueo del demonio) por medio de paquetes creados hacia el puerto HTCP. • http://bugs.squid-cache.org/show_bug.cgi?id=2858 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html http://osvdb.org/62297 http://secunia.com/advisories/38812 http://www.securityfocus.com/bid/38212 http://www.securitytracker.com/id?1023587 http://www.squid-cache.org/Advisories/SQUID-2010_2.txt http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch http: •
CVE-2010-0308 – squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)
https://notcve.org/view.php?id=CVE-2010-0308
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegación de servicio (fallo de aserción) a través de un paquete DNS manipulado que unicamente contiene una cabecera. • http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf http://osvdb.org/62044 http://secunia.com/advisories/38451 http://secunia.com/advisories/38455 http://www.securityfocus.com/bid/37522 http://www.securitytracker.com/id?1023520 http://www.squid-cache.org/Advisories/SQUID-2010_1.txt http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch http://www. • CWE-20: Improper Input Validation •
CVE-2009-2855 – squid: DoS (100% CPU use) while processing certain external ACL helper HTTP headers
https://notcve.org/view.php?id=CVE-2009-2855
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. La función strListGetItem en src/HttpHeaderTools.c en Squid v2.7 a permite a los atacantes remotos causar una denegación de servicio a través de una cabecera auth manipulada con ciertos delimitadores coma que lanzan un bucle infinito de llamadas a la función strcspn. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982 http://www.openwall.com/lists/oss-security/2009/07/20/10 http://www.openwall.com/lists/oss-security/2009/08/03/3 http://www.openwall.com/lists/oss-security/2009/08/04/6 http://www.securityfocus.com/bid/36091 http://www.securitytracker.com/id?1022757 http://www.squid-cache.org/bugs/show_bug.cgi?id=2541 http:/ • CWE-20: Improper Input Validation •