Summary
This host is running Squid and is prone to denial-of-service vulnerabilities.
Impact
Successful exploitation could allow remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
Solution
Upgrade to Squid Version 3.1.4 or later.
For further updates, refer to http://www.squid-cache.org/Download/
Insight
The flaw is due to an error in the 'strListGetItem()' function within 'src/HttpHeaderTools.c'.
Affected
Squid Version 2.7.X
Severity
Classification
CVE: CVE-2009-2855
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P