Denial of Service : Squid Security Update Advisory SQUID-2018:3

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.142632

Categoría: Denial of Service

Título: Squid Security Update Advisory SQUID-2018:3

Resumen: Squid is prone to a denial of service vulnerability due to incorrect buffer; management when processing HTTP Digest Authentication credentials.

Descripción: Summary:
Squid is prone to a denial of service vulnerability due to incorrect buffer
management when processing HTTP Digest Authentication credentials.

Vulnerability Insight:
Due to incorrect input validation the HTTP Request header parser for Digest
authentication may access memory outside the allocated memory buffer.

On systems with memory access protections this can result in the Squid process being terminated unexpectedly.
Resulting in a denial of service for all clients using the proxy.

Affected Software/OS:
Squid versions 3.3.9 - 3.5.28 and 4.x - 4.7.

Solution:
Update to version 4.8 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-12525
Bugtraq: 20190825 [SECURITY] [DSA 4507-1] squid security update (Google Search)
https://seclists.org/bugtraq/2019/Aug/42
Debian Security Information: DSA-4507 (Google Search)
https://www.debian.org/security/2019/dsa-4507
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/
https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
SuSE Security Announcement: openSUSE-SU-2019:2540 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html
SuSE Security Announcement: openSUSE-SU-2019:2541 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html
https://usn.ubuntu.com/4065-1/
https://usn.ubuntu.com/4065-2/

Copyright Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.142632
Categoría:	Denial of Service
Título:	Squid Security Update Advisory SQUID-2018:3
Resumen:	Squid is prone to a denial of service vulnerability due to incorrect buffer; management when processing HTTP Digest Authentication credentials.
Descripción:	Summary: Squid is prone to a denial of service vulnerability due to incorrect buffer management when processing HTTP Digest Authentication credentials. Vulnerability Insight: Due to incorrect input validation the HTTP Request header parser for Digest authentication may access memory outside the allocated memory buffer. On systems with memory access protections this can result in the Squid process being terminated unexpectedly. Resulting in a denial of service for all clients using the proxy. Affected Software/OS: Squid versions 3.3.9 - 3.5.28 and 4.x - 4.7. Solution: Update to version 4.8 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-12525 Bugtraq: 20190825 [SECURITY] [DSA 4507-1] squid security update (Google Search) https://seclists.org/bugtraq/2019/Aug/42 Debian Security Information: DSA-4507 (Google Search) https://www.debian.org/security/2019/dsa-4507 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/ https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html SuSE Security Announcement: openSUSE-SU-2019:2540 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html SuSE Security Announcement: openSUSE-SU-2019:2541 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html https://usn.ubuntu.com/4065-1/ https://usn.ubuntu.com/4065-2/
Copyright	Copyright (C) 2019 Greenbone Networks GmbH