
Squid 3.5.x < 3.5.9 Multiple DoS

High

Synopsis

The remote proxy server is affected by multiple Denial of Service vulnerabilities.

Description

Versions of Squid 3.5.x prior to 3.5.9 are potentially affected by the following vulnerabilities:

- A denial of service vulnerability exists in file 'bio.cc' when handling hello messages. A remote attacker can exploit this to cause an infinite loop. (OSVDB 127754)
- An integer overflow condition exists in file 'bio.cc' due to improper validation of user-supplied input. A remote attacker can exploit this to crash the proxy, resulting in a denial of service. (OSVDB 127762)

Solution

Either upgrade to Squid version 3.5.9 or later, or apply the vendor-supplied patch.
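
A version check for the affected range, added here as an example (it is not part of the original advisory or of any scanner plugin). It classifies Squid version strings as they appear in `Server`/`Via` headers or `squid -v` output; the sample banners and the result labels are constructed for illustration.

```python
import re

# First fixed release named in the advisory; the affected range is 3.5.x below it.
FIXED = (3, 5, 9)

# Matches "squid/3.5.7" (Server/Via headers) and "Squid Cache: Version 3.5.7" (squid -v).
_VERSION_RE = re.compile(
    r"(?i)\bsquid(?:/| Cache: Version )(\d+)\.(\d+)(?:\.(\d+))?"
)


def parse_squid_version(banner):
    """Return (major, minor, patch) from a banner; patch is None if not shown."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch) if patch is not None else None


def classify(banner):
    """Return 'affected', 'fixed', 'out-of-scope' or 'unknown' for one banner."""
    version = parse_squid_version(banner)
    if version is None:
        return "unknown"          # version suppressed or not a Squid banner
    major, minor, patch = version
    if (major, minor) != FIXED[:2]:
        return "out-of-scope"     # this advisory only covers the 3.5.x branch
    if patch is None:
        return "unknown"          # "3.5" alone cannot be placed relative to 3.5.9
    # Compare numerically: as strings, "3.5.10" would sort below "3.5.9".
    return "affected" if patch < FIXED[2] else "fixed"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "Server: squid/3.5.7",
        "Via: 1.1 proxy.example (squid/3.5.10)",
        "squid/3.5.9-20150917-r13916",
        "Squid Cache: Version 3.5.8",
        "Server: squid/3.4.14",
        "Server: squid",
    ]
    for banner in samples:
        print(f"{classify(banner):12}  {banner}")
```

A version string cannot show whether the vendor-supplied patch has been applied to an older build, so an "affected" result still needs confirming against the host's package or patch records.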