漏洞信息详情
Squid 安全漏洞
- CNNVD编号:CNNVD-201811-246
- 危害等级: 中危
- CVE编号: CVE-2018-19132
- 漏洞类型: 资源管理错误
- 发布时间: 2018-11-12
- 威胁类型: 远程
- 更新时间: 2020-08-17
- 厂 商: squid-cache
- 漏洞来源: Ubuntu
漏洞简介
Squid(全称Squid Cache)是一套代理服务器和Web缓存服务器软件。该软件提供缓存万维网、过滤流量、代理上网等功能。
Squid 4.4之前版本中存在安全漏洞。当NMP被启用时,攻击者可借助SNMP数据包利用该漏洞造成拒绝服务。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
参考网址
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2018/11/msg00032.HTML
来源:UBUNTU
链接:https://usn.ubuntu.com/4059-1/
来源:MISC
链接:https://github.com/squid-cache/squid/pull/313
来源:MISC
链接:http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch
来源:www.debian.org
链接:https://www.debian.org/lts/security/2020/dla-2278
来源:www.debian.org
链接:https://www.debian.org/lts/security/2020/dla-2278-2
来源:MLIST
链接:https://lists.debian.org/debian-lts-announce/2020/07/msg00009.HTML
来源:MISC
链接:http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
来源:usn.ubuntu.com
链接:https://usn.ubuntu.com/4059-1/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/153648/Ubuntu-Security-Notice-USN-4059-1.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2363.2/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2363/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2620.2/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2019.2620/
受影响实体
- Squid-Cache Squid:2.0
- Squid-Cache Squid:2.1
- Squid-Cache Squid:2.5.Stable10
- Squid-Cache Squid:2.2
- Squid-Cache Squid:2.3
补丁
- Squid 安全漏洞的修复措施
评论