CVE-2011-4096

medium

Description

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

References

http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html

http://secunia.com/advisories/46609

http://secunia.com/advisories/47459

http://www.mandriva.com/security/advisories?name=MDVSA-2011:193

http://www.openwall.com/lists/oss-security/2011/10/31/5

http://www.openwall.com/lists/oss-security/2011/11/01/3

http://www.redhat.com/support/errata/RHSA-2011-1791.html

http://www.securitytracker.com/id?1026265

http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html

Details

Source: MITRE

Published: 2011-11-17

Updated: 2016-11-28

Type: CWE-399

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:pre1:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:pre2:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:pre3:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:pre4:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:pre5:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:pre6:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:pre7:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable1:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable10:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable11:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable12:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable13:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable14:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable15:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable2:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable3:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable4:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable5:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable6:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable7:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable8:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:*:stable9:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:rc1:stable11:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* versions up to 3.1.15 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|----|------|---------|--------|----------|
| 93294 | SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:2089-1) | Nessus | SuSE Local Security Checks | high |
| 93271 | SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:1996-1) | Nessus | SuSE Local Security Checks | high |
| 76031 | openSUSE Security Update : squid3 (openSUSE-SU-2012:0213-1) | Nessus | SuSE Local Security Checks | medium |
| 70182 | GLSA-201309-22 : Squid: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 68401 | Oracle Linux 6 : squid (ELSA-2011-1791) | Nessus | Oracle Linux Local Security Checks | medium |
| 61941 | Mandriva Linux Security Advisory : squid (MDVSA-2011:193) | Nessus | Mandriva Local Security Checks | medium |
| 61199 | Scientific Linux Security Update : squid on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 57727 | SuSE 11.1 Security Update : squid3 (SAT Patch Number 5583) | Nessus | SuSE Local Security Checks | medium |
| 57521 | Debian DSA-2381-1 : squid3 - invalid memory deallocation | Nessus | Debian Local Security Checks | medium |
| 57376 | CentOS 6 : squid (CESA-2011:1791) | Nessus | CentOS Local Security Checks | medium |
| 57287 | Squid 3.1.x < 3.1.16 / 3.2.x < 3.2.0.13 DNS Replies CName Record Parsing Remote DoS | Nessus | Firewalls | medium |
| 57037 | RHEL 6 : squid (RHSA-2011:1791) | Nessus | Red Hat Local Security Checks | medium |
| 56864 | Fedora 14 : squid-3.1.16-1.fc14 (2011-15256) | Nessus | Fedora Local Security Checks | medium |
| 56863 | Fedora 15 : squid-3.1.16-1.fc15 (2011-15233) | Nessus | Fedora Local Security Checks | medium |