Squid 'lib/rfc1035.c' Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Squid and is prone to Denial of Service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service via a crafted auth header.

Solution

Apply patches or upgrade to the squid version 3.0.STABLE23 or 3.1.0.16 http://www.squid-cache.org/Download/ http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch ***** NOTE : Ignore this warning, if above mentioned patch is already applied. *****

Insight

The flaw is due to error in 'lib/rfc1035.c' when, processing crafted DNS packet that only contains a header.

Affected

Squid Version 2.x, 3.0 to 3.0.STABLE22, and 3.1 to 3.1.0.15

References

http://secunia.com/advisories/38451
http://secunia.com/advisories/38455
http://www.squid-cache.org/Advisories/SQUID-2010_1.txt
http://www.vupen.com/english/advisories/2010/0260
http://xforce.iss.net/xforce/xfdb/56001

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0308
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P

Related Vulnerabilities

CUPS 'scheduler/select.c' Denial Of Service Vulnerability
Apache Subversion 'mod_dav_svn' Module Multiple DoS Vulnerabilities
Apple Safari WebKit Property Memory Leak Remote DoS Vulnerability
DB2 DOS
Avahi Denial of Service Vulnerability

Take action and discover your vulnerabilities