CVE-2016-5408

Опубликовано: 20 апр. 2016

Источник: redhat

CVSS3: 7.5

CVSS2: 5.1

Описание

Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.

It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line() function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	squid	Not affected
Red Hat Enterprise Linux 6	squid34	Not affected
Red Hat Enterprise Linux 7	squid	Not affected
Red Hat Enterprise Linux 6	squid	Fixed	RHSA-2016:1573	04.08.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1359203squid: Buffer overflow vulnerability in cachemgr.cgi tool

7.5 High

CVSS3

5.1 Medium

CVSS2

Связанные уязвимости

CVE-2016-5408

CVSS3: 9.8

ubuntu

около 9 лет назад

CVE-2016-5408

CVSS3: 9.8

nvd

около 9 лет назад

CVE-2016-5408

CVSS3: 9.8

debian

около 9 лет назад

Stack-based buffer overflow in the munge_other_line function in cachem ...

GHSA-5f9j-8ghm-9gxx

CVSS3: 9.8

github

больше 3 лет назад

ELSA-2016-1573

oracle-oval

около 9 лет назад

ELSA-2016-1573: squid security update (MODERATE)

7.5 High

CVSS3

5.1 Medium

CVSS2