squid -- Denial of Service vulnerability in HTCP

Description:

Squid security advisory 2010:2 reports:

Due to incorrect processing Squid is vulnerable to a denial of service attack when receiving specially crafted HTCP packets.

This problem allows any machine to perform a denial of service attack on the Squid service when its HTCP port is open.

References:

CVE name CVE-2010-0639
URL: <http://www.squid-cache.org/Advisories/SQUID-2010_2.txt>

Affects:

squid >=2.7.1 <2.7.7_4
squid >=3.0.1 <3.0.24

portaudit: squid -- Denial of Service vulnerability in HTCP

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>