Summary
This host is running Squid and is prone to a denial of service vulnerability.
Impact
Successful exploitation could allow remote attackers to cause a denial of service via a crafted auth header.
Solution
Apply the patches or upgrade to Squid version 3.0.STABLE23 or 3.1.0.16:
http://www.squid-cache.org/Download/
http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
The flaw is due to an error in 'lib/rfc1035.c' when processing a crafted DNS packet that contains only a header.
Affected
Squid Version 2.x, 3.0 to 3.0.STABLE22, and 3.1 to 3.1.0.15
Severity
Classification
CVE: CVE-2010-0308
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P