Squid Proxy Failed DNS Lookup Random Error Messages Information Disclosure

Medium Log Correlation Engine Plugin ID 801044

Synopsis

The remote proxy can be tricked into disclosing portions of its memory.

Description

The remote host running a Squid proxy on this port.
There is a vulnerability in the remote version of this software that may allow an attacker to disclose the content of its memory by causing the use of a freed pointer.

Solution

Upgrade to Squid 2.5.STABLE8 or 3.0-PRE4 or apply the vendor patches.

See Also

bugs.squid-cache.org/show_bug.cgi?id=1143

Plugin Details

Severity: Medium

ID: 801044

File Name: 801044.prm

Family: Web Servers

Nessus ID: 15929

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:ND

Reference Information

CVE: CVE-2004-2479

BID: 11865