Описание
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-6239
- https://bugzilla.redhat.com/show_bug.cgi?id=410181
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10915
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00497.html
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00507.html
- http://bugs.gentoo.org/show_bug.cgi?id=201209
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
- http://secunia.com/advisories/27910
- http://secunia.com/advisories/28091
- http://secunia.com/advisories/28109
- http://secunia.com/advisories/28350
- http://secunia.com/advisories/28381
- http://secunia.com/advisories/28403
- http://secunia.com/advisories/28412
- http://secunia.com/advisories/28814
- http://secunia.com/advisories/34467
- http://security.gentoo.org/glsa/glsa-200801-05.xml
- http://security.gentoo.org/glsa/glsa-200903-38.xml
- http://www.debian.org/security/2008/dsa-1482
- http://www.kb.cert.org/vuls/id/232881
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:002
- http://www.redhat.com/support/errata/RHSA-2007-1130.html
- http://www.securityfocus.com/bid/26687
- http://www.securitytracker.com/id?1019036
- http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
- http://www.squid-cache.org/Versions/v2/2.6/changesets/11780.patch
- http://www.ubuntu.com/usn/usn-565-1
- http://www.vupen.com/english/advisories/2007/4066
Связанные уязвимости
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.
The "cache update reply processing" functionality in Squid 2.x before ...
ELSA-2007-1130: Moderate: squid security update (MODERATE)