Summary
Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi:
CVE-2012-5643
Squid's cachemgr.cgi was vulnerable to excessive resource use.
A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services.
CVE-2013-0189
The original patch for CVE-2012-5643 was incomplete. A remote attacker still could exploit this flaw to perform a denial of service attack.
Solution
For the stable distribution (squeeze), these problems have been fixed in version 3.1.6-1.2+squeeze3.
For the testing distribution (wheezy), these problems have been fixed in version 3.1.20-2.1.
For the unstable distribution (sid), these problems have been fixed in version 3.1.20-2.1.
We recommend that you upgrade your squid3 packages.
Insight
Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects.
Affected
squid3 on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-5643, CVE-2013-0189
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P