CVE-2016-5408

Published: 10/08/2016 Updated: 27/12/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package prior to 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote malicious users to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.

Vulnerable Product

oracle linux 6

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

Vendor Advisories

A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051) It was found that the fix for CVE-2016-4051 did not properly prevent the stack overflow in the munge_othe ...
It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line() function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code ...