• info
• discussion
• exploit
• solution
• references

Squid Header-Only Packets Remote Denial of Service Vulnerability

Solution:
Updates are available. Please see the references for more information.


Squid Web Proxy Cache 3.0.STABLE17

• Squid squid-3.0.STABLE22.tar.gz
  http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE22.tar.gz

Squid Web Proxy Cache 3.0.STABLE5

• Squid squid-3.0.STABLE22.tar.gz
  http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE22.tar.gz

Debian Linux 5.0 alpha

• Debian squid-cgi_2.7.STABLE3-4.1lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STA BLE3-4.1lenny1_alpha.deb


• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid_2.7.STABLE3-4.1lenny1_alpha.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3 -4.1lenny1_alpha.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_alpha.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_alpha.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_alpha.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_alpha.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_alpha.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_alpha.deb

Squid Web Proxy Cache 3.0.STABLE3

• Squid squid-3.0.STABLE22.tar.gz
  http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE22.tar.gz

Mandriva Linux Mandrake 2008.0

• Mandriva squid-2.6.STABLE16-1.5mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva squid-cachemgr-2.6.STABLE16-1.5mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/

Debian Linux 4.0 amd64

• Debian squid-cgi_2.6.5-6etch5_amd64.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6 etch5_amd64.deb


• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid_2.6.5-6etch5_amd64.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch 5_amd64.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb


• Debian squidclient_2.6.5-6etch5_amd64.deb
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5 -6etch5_amd64.deb

Debian Linux 4.0 ia-32

• Debian squid-cgi_2.6.5-6etch5_i386.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6 etch5_i386.deb


• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid_2.6.5-6etch5_i386.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch 5_i386.deb


• Debian squid3-cgi_3.0.PRE5-5+etch2_i386.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.P RE5-5+etch2_i386.deb


• Debian squid3-client_3.0.PRE5-5+etch2_i386.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3. 0.PRE5-5+etch2_i386.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb


• Debian squid3_3.0.PRE5-5+etch2_i386.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5- 5+etch2_i386.deb


• Debian squidclient_2.6.5-6etch5_i386.deb
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5 -6etch5_i386.deb

Squid Web Proxy Cache 3.0.STABLE13

• Squid squid-3.0.STABLE22.tar.gz
  http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE22.tar.gz

Debian Linux 5.0 armel

• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_armel.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_armel.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_armel.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_armel.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_armel.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_armel.deb

Mandriva Linux Mandrake 2009.0 x86_64

• Mandriva squid-3.0-22.2mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva squid-cachemgr-3.0-22.2mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Debian Linux 5.0 mips

• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb

Debian Linux 4.0 mips

• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb

Debian Linux 5.0 sparc

• Debian squid-cgi_2.7.STABLE3-4.1lenny1_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STA BLE3-4.1lenny1_sparc.deb


• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid_2.7.STABLE3-4.1lenny1_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3 -4.1lenny1_sparc.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_sparc.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_sparc.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_sparc.deb

Debian Linux 4.0 arm

• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb

Mandriva Linux Mandrake 2009.1 x86_64

• Mandriva squid-3.0-22.2mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva squid-cachemgr-3.0-22.2mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/

Debian Linux 4.0 powerpc

• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb

Debian Linux 4.0 m68k

• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb

MandrakeSoft Enterprise Server 5

• Mandriva squid-3.0-22.2mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva squid-cachemgr-3.0-22.2mdvmes5.i586.rpm
  http://www.mandriva.com/en/download/

Debian Linux 5.0 s/390

• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_s390.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_s390.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_s390.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_s390.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_s390.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_s390.deb

Squid Web Proxy Cache 3.1.0.15

• Squid squid-3.1.0.16.tar.gz
  http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.0.16.tar.gz

Debian Linux 5.0 hppa

• Debian squid-cgi_2.7.STABLE3-4.1lenny1_hppa.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STA BLE3-4.1lenny1_hppa.deb


• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid_2.7.STABLE3-4.1lenny1_hppa.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3 -4.1lenny1_hppa.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_hppa.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_hppa.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_hppa.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_hppa.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_hppa.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_hppa.deb

Debian Linux 4.0 sparc

• Debian squid-cgi_2.6.5-6etch5_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6 etch5_sparc.deb


• Debian squid-common_2.6.5-6etch5_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6. 5-6etch5_all.deb


• Debian squid_2.6.5-6etch5_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch 5_sparc.deb


• Debian squid3-cgi_3.0.PRE5-5+etch2_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.P RE5-5+etch2_sparc.deb


• Debian squid3-client_3.0.PRE5-5+etch2_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3. 0.PRE5-5+etch2_sparc.deb


• Debian squid3-common_3.0.PRE5-5+etch2_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.PRE5-5+etch2_all.deb


• Debian squid3_3.0.PRE5-5+etch2_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5- 5+etch2_sparc.deb


• Debian squidclient_2.6.5-6etch5_sparc.deb
  http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5 -6etch5_sparc.deb

Debian Linux 5.0 m68k

• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb

Squid Web Proxy Cache 3.0.STABLE12

• Squid squid-3.0.STABLE22.tar.gz
  http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE22.tar.gz

Mandriva Linux Mandrake 2009.0

• Mandriva squid-3.0-22.2mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva squid-cachemgr-3.0-22.2mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/

Squid Web Proxy Cache 3.1.0.11

• Squid squid-3.1.0.16.tar.gz
  http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.0.16.tar.gz

Debian Linux 5.0 ia-64

• Debian squid-cgi_2.7.STABLE3-4.1lenny1_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STA BLE3-4.1lenny1_ia64.deb


• Debian squid-common_2.7.STABLE3-4.1lenny1_all.deb
  http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7. STABLE3-4.1lenny1_all.deb


• Debian squid_2.7.STABLE3-4.1lenny1_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3 -4.1lenny1_ia64.deb


• Debian squid3-cgi_3.0.STABLE8-3+lenny3_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.S TABLE8-3+lenny3_ia64.deb


• Debian squid3-common_3.0.STABLE8-3+lenny3_all.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3. 0.STABLE8-3+lenny3_all.deb


• Debian squid3_3.0.STABLE8-3+lenny3_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABL E8-3+lenny3_ia64.deb


• Debian squidclient_3.0.STABLE8-3+lenny3_ia64.deb
  http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0. STABLE8-3+lenny3_ia64.deb

Mandriva Linux Mandrake 2008.0 x86_64

• Mandriva squid-2.6.STABLE16-1.5mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva squid-cachemgr-2.6.STABLE16-1.5mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Squid Web Proxy Cache 3.0 PRE3

• Squid squid-3.0.STABLE22.tar.gz
  http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE22.tar.gz

Squid Web Proxy Cache 3.0 PRE1

• Squid squid-3.0.STABLE22.tar.gz
  http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE22.tar.gz

Squid Web Proxy Cache 3.0 PRE2

• Squid squid-3.0.STABLE22.tar.gz
  http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE22.tar.gz

Squid Web Proxy Cache 3.1 .5

• Squid squid-3.1.0.16.tar.gz
  http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.0.16.tar.gz

MandrakeSoft Corporate Server 4.0 x86_64

• Mandriva squid-2.6.STABLE1-4.7.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva squid-cachemgr-2.6.STABLE1-4.7.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/