FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-0189

This CVE name corresponds to:

Entered Topic
2012-12-28 squid -- denial of service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2013-0189
Phase Assigned (20121206)

Description

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

References

Source Reference
MLIST [scm-commits] 20130125 [squid/f17] CVE-2013-0189: Incomplete fix for the CVE-2012-5643
MISC http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch
MISC http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2012_1.patch
MISC https://bugzilla.redhat.com/show_bug.cgi?id=887962#c9
CONFIRM http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743
CONFIRM http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=895972
CONFIRM https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029
DEBIAN DSA-2631
MANDRIVA MDVSA-2013:129
SUSE openSUSE-SU-2013:1436
SUSE openSUSE-SU-2013:1443
UBUNTU USN-1713-1
BID 57646
SECUNIA 52024
SECUNIA 54839