Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702631
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2631-1 (squid3 - denial of service)
Summary:Squid3, a fully featured Web proxy cache, is prone to a denial of;service attack due to memory consumption caused by memory leaks in;cachemgr.cgi:;;CVE-2012-5643;squid's cachemgr.cgi was vulnerable to excessive resource use.;A remote attacker could exploit this flaw to perform a denial of;service attack on the server and other hosted services.;;CVE-2013-0189The original patch for CVE-2012-5643;;was incomplete. A remote attacker still could exploit this flaw;to perform a denial of service attack.
Description:Summary:
Squid3, a fully featured Web proxy cache, is prone to a denial of
service attack due to memory consumption caused by memory leaks in
cachemgr.cgi:

CVE-2012-5643
squid's cachemgr.cgi was vulnerable to excessive resource use.
A remote attacker could exploit this flaw to perform a denial of
service attack on the server and other hosted services.

CVE-2013-0189The original patch for CVE-2012-5643

was incomplete. A remote attacker still could exploit this flaw
to perform a denial of service attack.

Affected Software/OS:
squid3 on Debian Linux

Solution:
For the stable distribution (squeeze), these problems have been fixed in
version 3.1.6-1.2+squeeze3.

For the testing distribution (wheezy), these problems have been fixed in
version 3.1.20-2.1.

For the unstable distribution (sid), these problems have been fixed in
version 3.1.20-2.1.

We recommend that you upgrade your squid3 packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-0189
BugTraq ID: 57646
http://www.securityfocus.com/bid/57646
Debian Security Information: DSA-2631 (Google Search)
http://www.debian.org/security/2013/dsa-2631
http://www.mandriva.com/security/advisories?name=MDVSA-2013:129
http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch
http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2012_1.patch
https://bugzilla.redhat.com/show_bug.cgi?id=887962#c9
http://lists.fedoraproject.org/pipermail/scm-commits/2013-January/934637.html
http://secunia.com/advisories/52024
http://secunia.com/advisories/54839
SuSE Security Announcement: SUSE-SU-2016:1996 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
SuSE Security Announcement: SUSE-SU-2016:2089 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
SuSE Security Announcement: openSUSE-SU-2013:1436 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html
SuSE Security Announcement: openSUSE-SU-2013:1443 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html
http://www.ubuntu.com/usn/USN-1713-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-5643
http://openwall.com/lists/oss-security/2012/12/17/4
RedHat Security Advisories: RHSA-2013:0505
http://rhn.redhat.com/errata/RHSA-2013-0505.html
http://www.securitytracker.com/id?1027890
SuSE Security Announcement: openSUSE-SU-2013:0162 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html
SuSE Security Announcement: openSUSE-SU-2013:0186 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html
http://ubuntu.com/usn/usn-1713-1
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.