336217 – <=net-proxy/squid-{3.0.25,3.1.7} DOS

Bug 336217 - <=net-proxy/squid-{3.0.25,3.1.7} DOS

Summary: <=net-proxy/squid-{3.0.25,3.1.7} DOS

Status:	RESOLVED DUPLICATE of bug 334263

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.squid-cache.org/Versions/v...
Whiteboard:	B3 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2010-09-06 13:21 UTC by Stefan Behte (RETIRED)
Modified:	2010-09-07 19:22 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2010-09-06 13:21:27 UTC

From $URL: 

Problem Description:

 Due to an internal error in string handling Squid is vulnerable
 to a denial of service attack when processing specially crafted
 requests.

Severity:

 This problem allows any trusted client to perform a denial of
 service attack on the Squid service.

 There are applications already in general public use which can
 trigger this problem for 3.1 and 3.2 on occasion without intended
 malice.


Patches:
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2010-09-07 19:22:53 UTC


*** This bug has been marked as a duplicate of bug 334263 ***