Published: 27/01/2005 Updated: 11/10/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache prior to 2.4.STABLE7 allows remote malicious users to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openpkg openpkg 2.1
openpkg openpkg 2.2
squid squid 2.4_.stable2
squid squid 2.4_.stable6
squid squid 3.0_pre2
squid squid 3.0_pre3
openpkg openpkg current
squid squid 2.0_patch2
squid squid 2.4_.stable7
squid squid 2.5_.stable1
squid squid 2.5_.stable3
squid squid 2.3_.stable5
squid squid 2.4
squid squid 2.5_.stable6
squid squid 3.0_pre1
squid squid 2.1_patch2
squid squid 2.3_.stable4
squid squid 2.5_.stable4
squid squid 2.5_.stable5
ubuntu ubuntu linux 4.1
gentoo linux
trustix secure linux 2.0
trustix secure linux 2.1
redhat fedora core core_2.0
trustix secure linux 1.5

Synopsis squid security update Type/Severity Security Advisory: Important Topic An updated squid package that fixes a remote denial of service vulnerability is now avaliable Description Squid is a full-featured Web proxy cacheiDEFENSE reported a flaw in the squid SNMP module This flaw c ...

Recently, two Denial of Service vulnerabilities have been discovered in squid, a WWW proxy cache Insufficient input validation in the NTLM authentication handler allowed a remote attacker to crash the service by sending a specially crafted NTLMSSP packet Likewise, due to an insufficient validation of ASN1 headers, a remote attacker could restart ...

Several security vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache The Common Vulnerabilities and Exposures project identifies the following problems: CVE-1999-0710 It is possible to bypass access lists and scan arbitrary hosts and ports in the network through cachemgrcgi, which is inst ...

CWE-399 http://www.redhat.com/support/errata/RHSA-2004-591.html http://www.securityfocus.com/bid/11385 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt http://fedoranews.org/updates/FEDORA--.shtml http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities&flashstatus=false https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00122.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://secunia.com/advisories/30914 http://secunia.com/advisories/30967 http://www.squid-cache.org/Advisories/SQUID-2008_1.txt http://www.squid-cache.org/Advisories/SQUID-2004_3.txt http://www.vupen.com/english/advisories/2008/1969/references http://marc.info/?l=bugtraq&m=109913064629327&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17688 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10931 https://access.redhat.com/errata/RHSA-2004:591 https://usn.ubuntu.com/19-1/https://nvd.nist.gov

CVE-2004-0918

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect