Synopsis
The remote proxy server is affected by multiple vulnerabilities.
Description
Versions of Squid 3.4.x prior to 3.4.8 are potentially affected by the following vulnerabilities:
- An off-by-one overflow flaw exists within the SNMP processing component. By using a specially crafted UDP SNMP request, a remote attacker could exploit this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-6270)
- There exists an array indexing flaw in the node pinger that is triggered when parsing ICMP and ICMPv6 replies, which may allow a remote attacker to crash the pinger or obtain sensitive information. (CVE-2014-7141)
- The node pinger has a flaw in function 'Icmp4::Recv' in file 'icmp/Icmp4.cc' that is triggered when parsing ICMP or ICMPv6 responses. A remote attacker could exploit this to crash the pinger or obtain sensitive information. (CVE-2014-7142)
Solution
Either upgrade to Squid version 3.4.8 or later, or apply the vendor-supplied patch.
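
A triage check for the version range and the two components named above, added here as an example and not part of the original advisory or of Squid itself. It reads a version from `squid -v` output or a `squid/x.y.z` header token and looks at the `snmp_port` and `pinger_enable` directives in squid.conf. Assumptions: the defaults are `snmp_port 0` and `pinger_enable on`, the pinger was built in, and the sample banner and configuration are constructed.

```python
import re

FIXED = (3, 4, 8)  # advisory: 3.4.x prior to 3.4.8 is potentially affected

# CVEs from the advisory, keyed by the component each one lives in.
CVES = {"snmp": ["CVE-2014-6270"],
        "pinger": ["CVE-2014-7141", "CVE-2014-7142"]}

def parse_squid_version(banner):
    """Version tuple from `squid -v` output or a 'squid/x.y.z' header token."""
    m = re.search(r"(?:Version\s+|squid/)(\d+(?:\.\d+)+)", banner, re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def in_affected_range(version):
    """True for 3.4.x below 3.4.8, including 3.4.0.N pre-releases."""
    return version is not None and version[:2] == FIXED[:2] and version < FIXED

def enabled_components(conf_text):
    """Which of the two components squid.conf turns on.
    Assumed defaults: snmp_port 0 (disabled), pinger_enable on."""
    snmp_port, pinger = "0", "on"
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) >= 2 and parts[0] == "snmp_port":
            snmp_port = parts[1]
        elif len(parts) >= 2 and parts[0] == "pinger_enable":
            pinger = parts[1].lower()
    return [c for c, on in (("snmp", snmp_port != "0"),
                            ("pinger", pinger != "off")) if on]

def triage(banner, conf_text):
    """CVE ids to prioritise; empty if the version is outside the range.
    A distribution package with the vendor patch backported still matches
    the range, so treat a hit as 'verify', not as proof."""
    version = parse_squid_version(banner)
    if version is None:
        return None  # version hidden or unparseable: cannot decide
    if not in_affected_range(version):
        return []
    return [cve for c in enabled_components(conf_text) for cve in CVES[c]]

# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "Squid Cache: Version 3.4.7"
SAMPLE_CONF = "http_port 3128\nsnmp_port 3401  # monitoring\npinger_enable off\n"

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_CONF))
```

A `None` result means the version string was suppressed or unreadable, so the host needs a package-level check instead of a banner check.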