Squid sslConnectTimeout() State Error Lets Remote Users Crash Squid
|
|
SecurityTracker Alert ID: 1014846
|
|
SecurityTracker URL: http://securitytracker.com/id?1014846
|
|
CVE Reference: CVE-2005-2796
|
Updated: Jun 8 2008
|
Original Entry Date: Sep 2 2005
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2.5
|
Description: A vulnerability was reported in Squid. A remote user can cause the target service to crash.
A remote user can send specially crafted requests to trigger a segmentation fault in the sslConnectTimeout() function, causing Squid to crash.
The vulnerability resides in '/squid/src/ssl.c'.
Alex Masterov reported this vulnerability.
|
Impact: A remote user can cause Squid to crash.
|
Solution: The vendor has issued a fix (squid-2.5.STABLE10-sslConnectTimeout.patch), available at:
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE10-sslConnectTimeout.patch
Red Hat has issued a fix for Red Hat Enterprise Linux 2.1, 3, and 4:
https://rhn.redhat.com/errata/RHSA-2005-766.html
|
Vendor URL: www.squid-cache.org/
|
Cause: State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
Source Message Contents
|
Date: Fri, 2 Sep 2005 02:29:13 -0400
Subject: Squid vulnerability
|
Segmentation fault in sslConnectTimeout
synopsis After certain slightly odd requests Squid crashes with a segmentation fault in sslConnectTimeout
severity Major
date 2005-09-01 20:27
bugzilla #1355
versions Squid-2.5
platforms All
patch squid-2.5.STABLE10-sslConnectTimeout.patch
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE10-sslConnectTimeout.patch
|
|