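Vulnerability Details
Squid Data Validation Error Denial-of-Service Vulnerability
- CNNVD ID: CNNVD-200907-393
- Severity: Medium
- CVE ID: CVE-2009-2622
- Vulnerability type: Input validation
- Published: 2009-07-28
- Threat type: Remote
- Updated: 2009-08-12
- Vendor: squid-cache
- Vulnerability source: Alex MontoanelliRo...
Vulnerability Summary
Squid is an efficient web caching and proxy program. It was originally developed for Unix platforms and has since been ported to Linux and most Unix-like systems; the latest Squid can also run on Windows.
Because of multiple errors in data validation, Squid can be driven into a denial-of-service condition when it processes a specially crafted request or response. The vulnerable requests include: (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number." The affected code is in (a) HttpMsg.cc and (b) HttpReply.cc.
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: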
Squid Web Proxy Cache 3.0.STABLE7
Squid b9070.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/b9070.patch
Squid b9074.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/b9074.patch
Squid b9075.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/b9075.patch
MandrakeSoft Linux Mandrake 2008.1 x86_64
Mandriva squid-3.0-1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva squid-3.0-1.3mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva squid-cachemgr-3.0-1.2mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva squid-cachemgr-3.0-1.3mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2008.1
Mandriva squid-3.0-1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
Mandriva squid-3.0-1.3mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
Mandriva squid-cachemgr-3.0-1.2mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
Mandriva squid-cachemgr-3.0-1.3mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 ia-64
Debian squid3-cgi_3.0.STABLE8-3+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_ia64.deb
Debian squid3-cgi_3.0.STABLE8-3+lenny2_ia64.deb
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny2_ia64.deb
Debian squid3-common_3.0.STABLE8-3+lenny1_all.deb
http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3.0.STABLE8-3+lenny1_all.deb
Debian squid3-common_3.0.STABLE8-3+lenny2_all.deb
http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3.0.STABLE8-3+lenny2_all.deb
Debian squid3_3.0.STABLE8-3+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_ia64.deb
Debian squid3_3.0.STABLE8-3+lenny2_ia64.deb
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny2_ia64.deb
Debian squidclient_3.0.STABLE8-3+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_ia64.deb
Debian squidclient_3.0.STABLE8-3+lenny2_ia64.deb
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny2_ia64.deb
MandrakeSoft Linux Mandrake 2009.1 x86_64
Mandriva squid-3.0-14.1mdv2009.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva squid-3.0-14.2mdv2009.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva squid-cachemgr-3.0-14.1mdv2009.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva squid-cachemgr-3.0-14.2mdv2009.1.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Enterprise Server 5 x86_64
Mandriva squid-3.0-8.2mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva squid-3.0-8.3mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva squid-cachemgr-3.0-8.2mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva squid-cachemgr-3.0-8.3mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/
Squid Web Proxy Cache 3.0.STABLE5
Squid b9070.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/b9070.patch
Squid b9074.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/b9074.patch
Squid b9075.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/b9075.patch
Squid Web Proxy Cache 3.0.STABLE2
Squid b9070.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/b9070.patch
Squid b9074.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/b9074.patch
Squid b9075.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/b9075.patch
Debian Linux 5.0 alpha
Debian squid3-cgi_3.0.STABLE8-3+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_alpha.deb
Debian squid3-cgi_3.0.STABLE8-3+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny2_alpha.deb
Debian squid3-common_3.0.STABLE8-3+lenny1_all.deb
http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3.0.ST
References
Source: www.squid-cache.org
Link: http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch
Source: VUPEN
Name: ADV-2009-2013
Link: http://www.vupen.com/english/advisories/2009/2013
Source: www.squid-cache.org
Link: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
Source: SECTRACK
Name: 1022607
Link: http://www.securitytracker.com/id?1022607
Source: BID
Name: 35812
Link: http://www.securityfocus.com/bid/35812
Source: MANDRIVA
Name: MDVSA-2009:178
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:178
Source: MANDRIVA
Name: MDVSA-2009:161
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:161
Source: SECUNIA
Name: 36007
Link: http://secunia.com/advisories/36007
Affected Entities
- Squid-Cache Squid:3.0:Stable1
- Squid-Cache Squid:3.0:Stable10
- Squid-Cache Squid:3.0:Stable11
- Squid-Cache Squid:3.0:Stable12
- Squid-Cache Squid:3.0:Stable2
Patches
None available