Squid Web Proxy Cache 'arrayShrink()' Remote Denial of Service Vulnerability

Bugtraq ID:	28693
Class:	Design Error
CVE:	CVE-2008-1612
Remote:	Yes
Local:	No
Published:	Apr 09 2008 12:00AM
Updated:	Oct 07 2008 02:28PM
Credit:	The vendor disclosed this issue.
Vulnerable:	Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 11 x64 Turbolinux Turbolinux Server 11 Turbolinux Turbolinux Server 10.0.0 x64 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 2.0 Squid Web Proxy Cache 3.0 PRE3 Squid Web Proxy Cache 3.0 PRE2 Squid Web Proxy Cache 3.0 PRE1 Squid Web Proxy Cache 3.0 Squid Web Proxy Cache 2.5 .STABLE9 Squid Web Proxy Cache 2.5 .STABLE8 Squid Web Proxy Cache 2.5 .STABLE7 Squid Web Proxy Cache 2.5 .STABLE6 Squid Web Proxy Cache 2.5 .STABLE5 Squid Web Proxy Cache 2.5 .STABLE4 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + OpenPKG OpenPKG 2.0 + OpenPKG OpenPKG Current Squid Web Proxy Cache 2.5 .STABLE3 + MandrakeSoft Linux Mandrake 9.2 amd64 + MandrakeSoft Linux Mandrake 9.2 + OpenPKG OpenPKG 1.3 + RedHat Desktop 3.0 + RedHat Enterprise Linux AS 3 + RedHat Enterprise Linux ES 3 + RedHat Enterprise Linux WS 3 + RedHat Fedora Core1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 Squid Web Proxy Cache 2.5 .STABLE10 Squid Web Proxy Cache 2.5 .STABLE10 Squid Web Proxy Cache 2.5 .STABLE1 + MandrakeSoft Linux Mandrake 9.1 ppc + MandrakeSoft Linux Mandrake 9.1 + S.u.S.E. Linux Personal 8.2 Squid Web Proxy Cache 2.4 .STABLE7 Squid Web Proxy Cache 2.4 .STABLE6 Squid Web Proxy Cache 2.4 .STABLE4 Squid Web Proxy Cache 2.4 .STABLE2 Squid Web Proxy Cache 2.4 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Squid Web Proxy Cache 2.3 .STABLE5 Squid Web Proxy Cache 2.3 .STABLE4 Squid Web Proxy Cache 2.1 PATCH2 Squid Web Proxy Cache 2.0 PATCH2 Squid Web Proxy Cache 2.6.STABLE7 Squid Web Proxy Cache 2.6.STABLE6 Squid Web Proxy Cache 2.6.STABLE5 Squid Web Proxy Cache 2.6.STABLE4 Squid Web Proxy Cache 2.6.STABLE3 Squid Web Proxy Cache 2.6.STABLE2 Squid Web Proxy Cache 2.6.STABLE17 Squid Web Proxy Cache 2.6.STABLE16 Squid Web Proxy Cache 2.6.STABLE15 Squid Web Proxy Cache 2.6.STABLE14 Squid Web Proxy Cache 2.6.STABLE13 Squid Web Proxy Cache 2.6.STABLE12 Squid Web Proxy Cache 2.6.STABLE1 Squid Web Proxy Cache 2.6 Squid Web Proxy Cache 2.5.STABLE14 Squid Web Proxy Cache 2.5.STABLE13 Squid Web Proxy Cache 2.5.STABLE12 Squid Web Proxy Cache 2.5.STABLE11 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SuSE Linux Open-Xchange 4.1 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Server 10 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO S.u.S.E. SLE SDK 10.SP1 S.u.S.E. SLE SDK 10 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. openSUSE 10.1 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Open-Enterprise-Server 1 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop SDK 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 x86_64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 x86_64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Openexchange Server S.u.S.E. Linux Office Server S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Enterprise Server 10 + Linux kernel 2.6.5 S.u.S.E. Linux Enterprise SDK 10 SP1 S.u.S.E. Linux Enterprise SDK 10 S.u.S.E. Linux Desktop 10 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc RedHat Linux Advanced Workstation 2.1 for the Ita 2.1 IA64 RedHat Fedora 8 0 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0

Not Vulnerable:	Squid Web Proxy Cache 2.6.STABLE18