Squid 'DNS' Reply Remote Buffer Overflow Vulnerability Network Vulnerability

Summary

Squid is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Squid 3.1.6 is vulnerable other versions may also be affected.

Solution

Updates are available. Please see the references for details.

References

http://marc.info/?l=squid-users&m=128263555724981&w=2
http://www.squid-cache.org/
https://bugzilla.redhat.com/show_bug.cgi?id=62692
https://www.securityfocus.com/bid/42645

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2951
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Freefloat FTP Server Buffer Overflow Vulnerability
VMCI/HGFS VmWare Code Execution Vulnerability (Linux)
VLC Media Player USF and Text Subtitles Decoders BOF Vulnerabilities (Linux)
Novell Groupwise Client ActiveX Control Buffer Overflow Vulnerability
INN buffer overflow

Take action and discover your vulnerabilities