oss-sec mailing list archives
CVE id request: squid
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 1 Apr 2008 11:17:12 +0200
Hi! Squid developers recently updated their Squid security advisory SQUID-2007_2 released few months back. It was modified to list another patch that fixes a problem introduced in previous patch. An attacker can cause squid to hit assert in the child process, causing it to exit. This is a temporary DoS, breaking existing connections and making squid unavailable for a while. New child is spawned by squid parent process. Easy to perform if attacker has control over the server, but I guess it may be possible in reverse proxy setups as well. http://marc.info/?l=squid-announce&m=120614453813157&w=2 http://www.squid-cache.org/Advisories/SQUID-2007_2.txt http://www.squid-cache.org/Versions/v2/2.6/changesets/11882.patch -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE id request: squid Tomas Hoger (Apr 01)
- Re: CVE id request: squid Steven M. Christey (Apr 01)