Denial of Service : Squid String Processing NULL Pointer Dereference DoS Vulnerability (SQUID-2010:3)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100789

Categoría: Denial of Service

Título: Squid String Processing NULL Pointer Dereference DoS Vulnerability (SQUID-2010:3)

Resumen: Squid is prone to a remote denial of service (DoS); vulnerability caused by a NULL pointer dereference.

Descripción: Summary:
Squid is prone to a remote denial of service (DoS)
vulnerability caused by a NULL pointer dereference.

Vulnerability Impact:
An attacker can exploit this issue to cause the application to
crash, denying service to legitimate users. Due to the nature of the issue, code execution may be
possible, however, it has not been confirmed.

Affected Software/OS:
Squid versions 3.0 through 3.0.STABLE25, 3.1 through
3.1.7 and 3.2 through 3.2.0.1.

Solution:
Updates are available. Please see the references for more
information.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3072
41298
http://secunia.com/advisories/41298
41477
http://secunia.com/advisories/41477
41534
http://secunia.com/advisories/41534
42982
http://www.securityfocus.com/bid/42982
ADV-2010-2433
http://www.vupen.com/english/advisories/2010/2433
DSA-2111
http://www.debian.org/security/2010/dsa-2111
FEDORA-2010-14222
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html
FEDORA-2010-14236
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html
SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
[oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)
http://www.openwall.com/lists/oss-security/2010/09/05/2
[oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)
http://www.openwall.com/lists/oss-security/2010/09/07/7
http://www.squid-cache.org/Advisories/SQUID-2010_3.txt
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch
https://bugzilla.redhat.com/show_bug.cgi?id=630444

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100789
Categoría:	Denial of Service
Título:	Squid String Processing NULL Pointer Dereference DoS Vulnerability (SQUID-2010:3)
Resumen:	Squid is prone to a remote denial of service (DoS); vulnerability caused by a NULL pointer dereference.
Descripción:	Summary: Squid is prone to a remote denial of service (DoS) vulnerability caused by a NULL pointer dereference. Vulnerability Impact: An attacker can exploit this issue to cause the application to crash, denying service to legitimate users. Due to the nature of the issue, code execution may be possible, however, it has not been confirmed. Affected Software/OS: Squid versions 3.0 through 3.0.STABLE25, 3.1 through 3.1.7 and 3.2 through 3.2.0.1. Solution: Updates are available. Please see the references for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3072 41298 http://secunia.com/advisories/41298 41477 http://secunia.com/advisories/41477 41534 http://secunia.com/advisories/41534 42982 http://www.securityfocus.com/bid/42982 ADV-2010-2433 http://www.vupen.com/english/advisories/2010/2433 DSA-2111 http://www.debian.org/security/2010/dsa-2111 FEDORA-2010-14222 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html FEDORA-2010-14236 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html [oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3) http://www.openwall.com/lists/oss-security/2010/09/05/2 [oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3) http://www.openwall.com/lists/oss-security/2010/09/07/7 http://www.squid-cache.org/Advisories/SQUID-2010_3.txt http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch https://bugzilla.redhat.com/show_bug.cgi?id=630444
Copyright	Copyright (C) 2010 Greenbone AG