Summary
This host is running Squid and is prone to a denial of service vulnerability.
Impact
Successful exploitation could allow remote attackers to cause a denial of service via a crafted auth header.
Solution
Apply patches or upgrade to Squid version 3.0.STABLE23 or 3.1.0.16:
http://www.squid-cache.org/Download/
Patches:
http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
The flaw is due to an error in 'lib/rfc1035.c' when processing a crafted DNS packet that only contains a header.
Affected
Squid Version 2.x, 3.0 to 3.0.STABLE22, and 3.1 to 3.1.0.15
References
Severity
Classification
- CVE: CVE-2010-0308
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:N/I:N/A:P