squid -- several remote denial of service vulnerabilities

Description:

Squid security advisory 2009:2 reports:

Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses.

Due to incorrect data validation Squid is vulnerable to a denial of service attack when processing specially crafted responses.

These problems allow any trusted client or external server to perform a denial of service attack on the Squid service.

Squid-2.x releases are not affected.

References:

CVE name CVE-2009-2621
CVE name CVE-2009-2622
URL: <http://www.squid-cache.org/Advisories/SQUID-2009_2.txt>

Affects:

squid >=3.0.1 <3.0.17
squid >=3.1.0.1 <3.1.0.12

portaudit: squid -- several remote denial of service vulnerabilities

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>