CVE-2010-3072

MEDIUM

Description

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://secunia.com/advisories/41298

http://secunia.com/advisories/41477

http://secunia.com/advisories/41534

http://www.debian.org/security/2010/dsa-2111

http://www.openwall.com/lists/oss-security/2010/09/05/2

http://www.openwall.com/lists/oss-security/2010/09/07/7

http://www.securityfocus.com/bid/42982

http://www.squid-cache.org/Advisories/SQUID-2010_3.txt

http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch

http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch

http://www.vupen.com/english/advisories/2010/2433

https://bugzilla.redhat.com/show_bug.cgi?id=630444

Details

Source: MITRE

Published: 2010-09-20

Updated: 2011-01-14

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
75746openSUSE Security Update : squid3 (openSUSE-SU-2010:0727-1)NessusSuSE Local Security Checks
medium
61048Scientific Linux Security Update : squid on SL6.x i386/x86_64NessusScientific Linux Local Security Checks
medium
56658GLSA-201110-24 : Squid: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
54591RHEL 6 : squid (RHSA-2011:0545)NessusRed Hat Local Security Checks
medium
50020openSUSE Security Update : squid3 (openSUSE-SU-2010:0727-1)NessusSuSE Local Security Checks
medium
50014openSUSE Security Update : squid3 (openSUSE-SU-2010:0727-1)NessusSuSE Local Security Checks
medium
49693Squid < 3.1.8 / 3.2.0.2 NULL Pointer Dereference Denial of ServiceNessusFirewalls
medium
49687FreeBSD : squid -- Denial of service vulnerability in request handling (e4dac715-c818-11df-a92c-0015587e2cc1)NessusFreeBSD Local Security Checks
medium
49654Mandriva Linux Security Advisory : squid (MDVSA-2010:187)NessusMandriva Local Security Checks
medium
49277Debian DSA-2111-1 : squid3 - denial of serviceNessusDebian Local Security Checks
medium
49243Fedora 12 : squid-3.1.8-1.fc12 (2010-14236)NessusFedora Local Security Checks
medium
49242Fedora 13 : squid-3.1.8-1.fc13 (2010-14222)NessusFedora Local Security Checks
medium
801043Squid < 3.1.8 / 3.2.0.2 NULL Pointer Dereference Denial of Service VulnerabilityLog Correlation EngineWeb Servers
medium
5662Squid 3.x < 3.1.8 / 3.2.x < 3.2.0.2 NULL Pointer Dereference DoSNessus Network MonitorWeb Servers
medium