CVE-2009-2855

Related Files

Gentoo Linux Security Advisory 201110-24

Posted Oct 26, 2011

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-24 - Multiple vulnerabilities were found in Squid allowing attackers to execute arbitrary code or cause a denial of service. Versions less than 3.1.15 are affected.

tags | advisory, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2009-2621, CVE-2009-2622, CVE-2009-2855, CVE-2010-0308, CVE-2010-0639, CVE-2010-2951, CVE-2010-3072, CVE-2011-3205

SHA-256 | 81093ea2eca3730ec409b6fd39ca3a3cb38e02d4ea76813b10e63d559aef7276

Download | Favorite | View

Ubuntu Security Notice 901-1

Posted Feb 16, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 901-1 - It was discovered that Squid incorrectly handled certain auth headers. A remote attacker could exploit this with a specially-crafted auth header and cause Squid to go into an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 8.10, 9.04 and 9.10. It was discovered that Squid incorrectly handled certain DNS packets. A remote attacker could exploit this with a specially-crafted DNS packet and cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2009-2855, CVE-2010-0308

SHA-256 | 472e5fadcb06d9de00c885028393dde939535349c03d9161516f872d33f85656

Download | Favorite | View

Debian Linux Security Advisory 1991-1

Posted Feb 5, 2010

Authored by Debian | Site debian.org

Debian Linux Security Advisory 1991-1 - Two denial of service vulnerabilities have been discovered in squid and squid3, a web proxy.

tags | advisory, web, denial of service, vulnerability

systems | linux, debian

advisories | CVE-2009-2855, CVE-2010-0308

SHA-256 | 76282a2a2b18c48698675b168e68e95e34f7030d0bf389310347c3668f5036ea

Download | Favorite | View

Mandriva Linux Security Advisory 2009-241

Posted Jan 11, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-241 - The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. This update provides a solution to this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

tags | advisory, remote, denial of service

systems | linux, mandriva

advisories | CVE-2009-2855

SHA-256 | 359a6ed0952583c3522734705aa8adefa5ddc6a19111b88b259ec4d12fd8f36c

Download | Favorite | View

Mandriva Linux Security Advisory 2009-241

Posted Sep 22, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-241 - The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. This update provides a solution to this vulnerability.

tags | advisory, remote, denial of service

systems | linux, mandriva

advisories | CVE-2009-2855

SHA-256 | 623eaf0006230b0c85b75973d1611fb7bca874c479e83596a0129baf497e83cb

Download | Favorite | View