Squid Proxy Cache Update Reply Processing Remote Denial of Service Vulnerability

Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to perform boundary checks before copying user-supplied data into process buffers.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users. Attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects Squid 2.6.STABLE16 and prior versions. All Squid-3 snapshots and prereleases up to the November 28 snapshot are also vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus