CVE-2014-6270

Опубликовано: 12 сент. 2014

Источник: nvd

CVSS2: 6.8

EPSS Средний

Описание

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://seclists.org/oss-sec/2014/q3/542
Patch
Third Party Advisory
VDB Entry
http://seclists.org/oss-sec/2014/q3/550
Third Party Advisory
VDB Entry
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Third Party Advisory
http://www.securityfocus.com/bid/69686
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2921-1
https://bugzilla.novell.com/show_bug.cgi?id=895773
Issue Tracking
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1139967
Issue Tracking
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95873
https://security.gentoo.org/glsa/201607-01
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://seclists.org/oss-sec/2014/q3/542
Patch
Third Party Advisory
VDB Entry
http://seclists.org/oss-sec/2014/q3/550
Third Party Advisory
VDB Entry
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Third Party Advisory
http://www.securityfocus.com/bid/69686
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2921-1
https://bugzilla.novell.com/show_bug.cgi?id=895773
Issue Tracking
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1139967
Issue Tracking
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:squid-cache:squid:2.4.stable1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.4.stable3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.4.stable4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.4.stable5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.4.stable6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.4.stable7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.5.stable14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable19:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable20:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable21:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable22:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.6.stable23:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.7.stable1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.7.stable2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.7.stable3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.7.stable4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.7.stable5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.7.stable6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.7.stable7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.7.stable8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:2.7.stable9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.18201

Средний

6.8 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2014-6270

ubuntu

около 11 лет назад

CVE-2014-6270

redhat

около 11 лет назад

CVE-2014-6270

debian

около 11 лет назад

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squi ...

GHSA-9v4x-8f3c-4hmw

github

больше 3 лет назад

BDU:2015-00691

fstec

около 11 лет назад

Уязвимость программного обеспечения Squid HTTP Proxy Server, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 95%

0.18201

Средний

6.8 Medium

CVSS2

Дефекты

CWE-119