CVE-2010-3072

MEDIUM

Description

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://secunia.com/advisories/41298

http://secunia.com/advisories/41477

http://secunia.com/advisories/41534

http://www.debian.org/security/2010/dsa-2111

http://www.openwall.com/lists/oss-security/2010/09/05/2

http://www.openwall.com/lists/oss-security/2010/09/07/7

http://www.securityfocus.com/bid/42982

http://www.squid-cache.org/Advisories/SQUID-2010_3.txt

http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch

http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch

http://www.vupen.com/english/advisories/2010/2433

https://bugzilla.redhat.com/show_bug.cgi?id=630444

Details

Source: MITRE

Published: 2010-09-20

Updated: 2011-01-14

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*

Tenable Plugins

View all (14 total)

ID	Name	Product	Family	Severity
75746	openSUSE Security Update : squid3 (openSUSE-SU-2010:0727-1)	Nessus	SuSE Local Security Checks	medium
61048	Scientific Linux Security Update : squid on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
56658	GLSA-201110-24 : Squid: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
54591	RHEL 6 : squid (RHSA-2011:0545)	Nessus	Red Hat Local Security Checks	medium
50020	openSUSE Security Update : squid3 (openSUSE-SU-2010:0727-1)	Nessus	SuSE Local Security Checks	medium
50014	openSUSE Security Update : squid3 (openSUSE-SU-2010:0727-1)	Nessus	SuSE Local Security Checks	medium
49693	Squid < 3.1.8 / 3.2.0.2 NULL Pointer Dereference Denial of Service	Nessus	Firewalls	medium
49687	FreeBSD : squid -- Denial of service vulnerability in request handling (e4dac715-c818-11df-a92c-0015587e2cc1)	Nessus	FreeBSD Local Security Checks	medium
49654	Mandriva Linux Security Advisory : squid (MDVSA-2010:187)	Nessus	Mandriva Local Security Checks	medium
49277	Debian DSA-2111-1 : squid3 - denial of service	Nessus	Debian Local Security Checks	medium
49243	Fedora 12 : squid-3.1.8-1.fc12 (2010-14236)	Nessus	Fedora Local Security Checks	medium
49242	Fedora 13 : squid-3.1.8-1.fc13 (2010-14222)	Nessus	Fedora Local Security Checks	medium
801043	Squid < 3.1.8 / 3.2.0.2 NULL Pointer Dereference Denial of Service Vulnerability	Log Correlation Engine	Web Servers	medium
5662	Squid 3.x < 3.1.8 / 3.2.x < 3.2.0.2 NULL Pointer Dereference DoS	Nessus Network Monitor	Web Servers	medium