CVE-2005-0718
CVSS 5.0
Published: 2005-04-14 00:00:00
Last revised: 2010-08-21 00:26:53

[Original] Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.


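[CNNVD] Squid Proxy Aborted Connection Remote Denial of Service Vulnerability (CNNVD-200504-039)

        Squid is software that caches Internet data. It accepts download requests from users and automatically handles the downloaded data. That is, when a user wants to download a home page, the user sends a request to Squid asking it to fetch the page on the user's behalf; Squid then connects to the requested site and requests the page, passes the page to the user and keeps a copy. When another user requests the same page, Squid immediately returns the saved copy, so the response appears very fast to the user. Squid can proxy protocols such as HTTP, FTP, Gopher, SSL and WAIS.
        Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.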

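- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interruptions in resource access]
Attack complexity: LOW [no access restrictions on exploiting the vulnerability]
Attack vector: [--]
Authentication: NONE [exploiting the vulnerability requires no authentication]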

- CPE (affected platforms and products)

cpe:/a:squid:squid:2.5.6
cpe:/a:squid:squid:2.2.stable5
cpe:/a:squid:squid:2.5_.stable3
cpe:/a:squid:squid:2.2.stable1
cpe:/a:squid:squid:2.3_.stable4
cpe:/a:squid:squid:2.4.stable4
cpe:/a:squid:squid:2.2.pre2
cpe:/a:squid:squid:2.5_.stable4
cpe:/a:squid:squid:2.3.stable4
cpe:/a:squid:squid:2.5_.stable5
cpe:/a:squid:squid:2.5_stable4
cpe:/a:squid:squid:2.0.patch2
cpe:/a:squid:squid:2.5.stable7
cpe:/a:squid:squid:2.2.devel4
cpe:/a:squid:squid:2.3_.stable5
cpe:/a:squid:squid:2.2.stable4
cpe:/a:squid:squid:2.0.release
cpe:/a:squid:squid:2.4.stable3
cpe:/a:squid:squid:2.5_.stable6
cpe:/a:squid:squid:2.5.stable5
cpe:/a:squid:squid:2.4
cpe:/a:squid:squid:2.1.pre3
cpe:/a:squid:squid:2.4_.stable7
cpe:/a:squid:squid:2.0_patch2
cpe:/a:squid:squid:2.0.patch1
cpe:/a:squid:squid:2.5.stable3
cpe:/a:squid:squid:2.1.patch1
cpe:/a:squid:squid:2.4_.stable6
cpe:/a:squid:squid:2.3.stable5
cpe:/a:squid:squid:2.4.stable6
cpe:/a:squid:squid:2.0.pre1
cpe:/a:squid:squid:2.1.pre1
cpe:/a:squid:squid:2.5.stable1
cpe:/a:squid:squid:2.4.stable1
cpe:/a:squid:squid:2.1_patch2
cpe:/a:squid:squid:2.1.patch2
cpe:/a:squid:squid:2.1.release
cpe:/a:squid:squid:2.3.stable3
cpe:/a:squid:squid:2.5_.stable1
cpe:/a:squid:squid:2.5.stable4
cpe:/a:squid:squid:2.3.stable2
cpe:/a:squid:squid:2.4.stable2
cpe:/a:squid:squid:2.2.stable2
cpe:/a:squid:squid:2.5_stable3
cpe:/a:squid:squid:2.4.stable7
cpe:/a:squid:squid:2.3.devel3
cpe:/a:squid:squid:2.1.pre4
cpe:/a:squid:squid:2.5.stable6
cpe:/a:squid:squid:2.5.stable2
cpe:/a:squid:squid:2.2.stable3
cpe:/a:squid:squid:2.2.pre1
cpe:/a:squid:squid:2.4_stable7
cpe:/a:squid:squid:2.5_stable9
cpe:/a:squid:squid:2.2.devel3
cpe:/a:squid:squid:2.3_stable5
cpe:/a:squid:squid:2.4_.stable2
cpe:/a:squid:squid:2.3.devel2
cpe:/a:squid:squid:2.3.stable1

- OVAL (technical details for detection)

oval:org.mitre.oval:def:11562  Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a ...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0718
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0718
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200504-039
(official data source) CNNVD

- Other links and resources

http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post
(VENDOR_ADVISORY)  CONFIRM  http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post
http://www.ubuntulinux.org/support/documentation/usn/usn-111-1
(UNKNOWN)  UBUNTU  USN-111-1
http://www.squid-cache.org/bugs/show_bug.cgi?id=1224
(VENDOR_ADVISORY)  CONFIRM  http://www.squid-cache.org/bugs/show_bug.cgi?id=1224
http://www.redhat.com/support/errata/RHSA-2005-415.html
(UNKNOWN)  REDHAT  RHSA-2005:415
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
(VENDOR_ADVISORY)  CONECTIVA  CLA-2005:931
http://xforce.iss.net/xforce/xfdb/19919
(UNKNOWN)  XF  squid-put-post-dos(19919)
http://www.securityfocus.com/bid/13166
(UNKNOWN)  BID  13166
http://www.redhat.com/support/errata/RHSA-2005-489.html
(UNKNOWN)  REDHAT  RHSA-2005:489
http://secunia.com/advisories/12508
(UNKNOWN)  SECUNIA  12508
http://fedoranews.org/updates/FEDORA--.shtml
(UNKNOWN)  FEDORA  FLSA-2006:152809

- Vulnerability information

Squid Proxy Aborted Connection Remote Denial of Service Vulnerability
Medium risk  Other
2005-04-14 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and patches

        The vendor has released upgrade patches to fix this security issue. Patch download links:
        Turbolinux Appliance Server Hosting Edition 1.0
        Turbolinux squid-2.5.STABLE6-21.i586.rpm
        Turbolinux Appliance Server 1.0 Hosting Edition
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
        Turbolinux Turbolinux Server 10.0
        Turbolinux squid-2.5.STABLE6-21.i586.rpm
        Turbolinux 10 Server
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/squid-2.5.STABLE6-21.i586.rpm
        Turbolinux squid-debug-2.5.STABLE6-21.i586.rpm
        Turbolinux 10 Server
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/squid-debug-2.5.STABLE6-21.i586.rpm
        Squid Web Proxy Cache 2.4 .STABLE6
        RedHat squid-2.4.STABLE7-0.73.3.legacy.i386.rpm
        Red Hat Linux 7.3:
        http://download.fedoralegacy.org/redhat/7.3/updates/i386/squid-2.4.STABLE7-0.73.3.legacy.i386.rpm
        Squid Web Proxy Cache 2.5 .STABLE3
        RedHat squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
        Fedora Core 1:
        http://download.fedoralegacy.org/fedora/1/updates/i386/squid-2.5.STABLE3-2.fc1.6.legacy.i386.rpm
        Squid Web Proxy Cache 2.5 .STABLE7
        Squid squid-2.5.STABLE7-post.patch
        http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-post.patch
        Squid Web Proxy Cache 2.5 .STABLE1
        RedHat squid-2.5.STABLE1-9.10.legacy.i386.rpm
        Red Hat Linux 9:
        http://download.fedoralegacy.org/redhat/9/updates/i386/squid-2.5.STABLE1-9.10.legacy.i386.rpm
        Squid Web Proxy Cache 2.5 .STABLE5
        Conectiva squid-2.5.5-63116U10_8cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-2.5.5-63116U10_8cl.i386.rpm
        Conectiva squid-2.5.5-76327U90_10cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-2.5.5-76327U90_10cl.i386.rpm
        Conectiva squid-auth-2.5.5-63116U10_8cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-auth-2.5.5-63116U10_8cl.i386.rpm
        Conectiva squid-auth-2.5.5-76327U90_10cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-auth-2.5.5-76327U90_10cl.i386.rpm
        Conectiva squid-extra-templates-2.5.5-63116U10_8cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/10/RPMS/squid-extra-templates-2.5.5-63116U10_8cl.i386.rpm
        Conectiva squid-extra-templates-2.5.5-76327U90_10cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/9/RPMS/squid-extra-templates-2.5.5-76327U90_10cl.i386.rpm
        RedHat squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
        Fedora Core 2:
        http://download.fedoralegacy.org/fedora/2/updates/i386/squid-2.5.STABLE9-1.FC2.4.legacy.i386.rpm
        Ubuntu squid-cgi_2.5.5-6ubuntu0.7_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_amd64.deb
        Ubuntu squid-cgi_2.5.5-6ubuntu0.7_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_i386.deb
        Ubuntu squid-cgi_2.5.5-6ubuntu0.7_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_powerpc.deb
        Ubuntu squid-common_2.5.5-6ubuntu0.7_all.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.7_all.deb
        Ubuntu squid_2.5.5-6ubuntu0.7_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_amd64.deb
        Ubuntu squid_2.5.5-6ubuntu0.7_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_i386.deb
        Ubuntu squid_2.5.5-6ubuntu0.7_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_powerpc.deb
        Ubuntu squidclient_2.5.5-6ubuntu0.7_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_amd64.deb
        Ubuntu squidclient_2.5.5-6ubuntu0.7_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_i386.deb
        Ubuntu squidclient_2.5.5-6ubuntu0.7_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_powerpc.deb
        Turbolinux Turbolinux Workstation 7.0
        Turbolinux squid-2.5.STABLE6-21.i586.rpm
        Turbolinux 7 Workstation
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/squid-2.5.STABLE6-21.i586.rpm
        

- Vulnerability information (F37221)

Ubuntu Security Notice 111-1 (PacketStormID:F37221)
2005-04-20 00:00:00
Ubuntu  ubuntu.com
advisory,remote,denial of service
linux,ubuntu
CVE-2005-0718

Ubuntu Security Notice USN-111-1 - A remote Denial of Service vulnerability has been discovered in Squid. Versions of Ubuntu up to 2.5.5-6ubuntu0.7 may contain vulnerable versions of squid.

===========================================================
Ubuntu Security Notice USN-111-1	     April 14, 2005
squid vulnerability
CAN-2005-0718
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

squid

The problem can be corrected by upgrading the affected package to
version 2.5.5-6ubuntu0.7. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A remote Denial of Service vulnerability has been discovered in Squid.
If the remote end aborted the connection during a PUT or POST request,
Squid tried to free an already freed part of memory, which eventually
caused the server to crash.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7.diff.gz
      Size/MD5:   275491 d294a0441d7e2de0da9341eace2c7e73
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7.dsc
      Size/MD5:      652 1816d94b51dc62c5377504600fe84b91
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5.orig.tar.gz
      Size/MD5:  1363967 6c7f3175b5fa04ab5ee68ce752e7b500

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid-common_2.5.5-6ubuntu0.7_all.deb
      Size/MD5:   190750 ff6a2988ea2399fcaa916ae5c39323e1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_amd64.deb
      Size/MD5:    90162 64c8782355756f2dc21a2a4bd405f512
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_amd64.deb
      Size/MD5:   812954 b2d4e53f212ce58fd33e650dd2b5014a
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_amd64.deb
      Size/MD5:    71526 1ce2d80bda1f61c56b1541fd3eda4e77

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_i386.deb
      Size/MD5:    88692 67b6ed2744f38d3e0033445f7ddd30e2
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_i386.deb
      Size/MD5:   728956 0383caf202387afd18855a77f7a349a0
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_i386.deb
      Size/MD5:    70260 5765c384fdaa1bb4c172f5bb2ecf2bc8

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squid-cgi_2.5.5-6ubuntu0.7_powerpc.deb
      Size/MD5:    89612 7c28105327bf3fc664d4a679e231625f
    http://security.ubuntu.com/ubuntu/pool/main/s/squid/squid_2.5.5-6ubuntu0.7_powerpc.deb
      Size/MD5:   796392 70e394cace6837edc6643ddd33916d45
    http://security.ubuntu.com/ubuntu/pool/universe/s/squid/squidclient_2.5.5-6ubuntu0.7_powerpc.deb
      Size/MD5:    71030 edc5b5f6f79e958bb701ba4f4fb9c19d
    

- Vulnerability information

15443
Squid Aborted PUT/POST Request DoS
Denial of Service
Loss of Availability
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-02-03 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Squid Proxy Aborted Connection Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 13166
Yes No
2005-04-14 12:00:00 2007-02-22 05:46:00
Henrik Nordstrom <hno@squid-cache.org> is credited with the discovery of this issue.

- Affected program versions

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Squid Web Proxy Cache 2.5 .STABLE9
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
Squid Web Proxy Cache 2.5 .STABLE8
+ Gentoo Linux
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Squid Web Proxy Cache 2.5 .STABLE7
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ Gentoo Linux
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
Squid Web Proxy Cache 2.5 .STABLE6
+ Mandriva Linux Mandrake 10.1 x86_64
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Squid Web Proxy Cache 2.5 .STABLE5
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Squid Web Proxy Cache 2.5 .STABLE4
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
+ OpenPKG OpenPKG Current
Squid Web Proxy Cache 2.5 .STABLE3
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ OpenPKG OpenPKG 1.3
+ Red Hat Enterprise Linux AS 3
+ Red Hat Fedora Core1
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Squid Web Proxy Cache 2.5 .STABLE1
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ S.u.S.E. Linux Personal 8.2
Squid Web Proxy Cache 2.4 .STABLE7
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
Squid Web Proxy Cache 2.4 .STABLE6
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Squid Web Proxy Cache 2.4 .STABLE2
Squid Web Proxy Cache 2.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Squid Web Proxy Cache 2.3 .STABLE5
Squid Web Proxy Cache 2.3 .STABLE4
SGI ProPack 3.0 SP5
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.3
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.2
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 i386
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 7.0
S.u.S.E. Linux 6.4 ppc
S.u.S.E. Linux 6.4 i386
S.u.S.E. Linux 6.4 alpha
S.u.S.E. Linux 6.4
S.u.S.E. Linux 6.3 ppc
S.u.S.E. Linux 6.3 alpha
S.u.S.E. Linux 6.3
S.u.S.E. Linux 6.2
S.u.S.E. Linux 6.1 alpha
S.u.S.E. Linux 6.1
S.u.S.E. Linux 6.0
S.u.S.E. Linux 5.3
S.u.S.E. Linux 5.2
S.u.S.E. Linux 5.1
S.u.S.E. Linux 5.0
S.u.S.E. Linux 4.4.1
S.u.S.E. Linux 4.4
S.u.S.E. Linux 4.3
S.u.S.E. Linux 4.2
S.u.S.E. Linux 4.0
S.u.S.E. Linux 3.0
S.u.S.E. Linux 2.0
S.u.S.E. Linux 1.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3

- Vulnerability discussion

A remote denial-of-service vulnerability affects the Squid Proxy. The application fails to properly handle exceptional network requests. The problem presents itself when a remote attacker prematurely aborts a connection during a PUT or POST request.

A remote attacker may leverage this issue to crash the affected Squid Proxy, denying service to legitimate users.

- Exploit

No exploit is required to leverage this issue.

- Solution

Please see the referenced vendor advisories for more information and fixes.


Turbolinux Appliance Server Hosting Edition 1.0

Turbolinux Turbolinux Server 10.0

Squid Web Proxy Cache 2.4 .STABLE6

Squid Web Proxy Cache 2.5 .STABLE3

Squid Web Proxy Cache 2.5 .STABLE7

Squid Web Proxy Cache 2.5 .STABLE1

Squid Web Proxy Cache 2.5 .STABLE5

Turbolinux Turbolinux Workstation 7.0

- Related references

 

 
