FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- denial of service

Affected packages
squid < 2.7.9_4
3.1 <= squid < 3.1.23
3.2 <= squid < 3.2.6
3.3 <= squid < 3.3.0.3

Details

VuXML ID c37de843-488e-11e2-a5c9-0019996bc1f7
Discovery 2012-12-17
Entry 2012-12-28
Modified 2013-05-02

Squid developers report:

Due to missing input validation, the Squid cachemgr.cgi tool is vulnerable to a denial of service attack when processing specially crafted requests.

This problem allows any client able to reach the cachemgr.cgi to perform a denial of service attack on the service host.

The nature of the attack may cause secondary effects through resource consumption on the host server.

References

CVE Name CVE-2012-5643
CVE Name CVE-2013-0189
URL http://www.squid-cache.org/Advisories/SQUID-2012_1.txt