Vulnerability Note VU#232881
Squid remote denial-of-service vulnerability
The Squid Proxy server contains a vulnerability that may allow an attacker to create a denial-of-service condition that affects the Squid server and systems that rely on it.
Squid Proxy Cache is a caching proxy that supports the HTTP, HTTPS, and FTP protocols. Squid can also be deployed as a reverse proxy.
From Squid Proxy Cache Security Update Advisory SQUID-2007:2
An attacker who can access the Squid proxy may be able to cause the proxy server to crash. If the Squid proxy is deployed as a reverse proxy, the web servers relying on the proxy may also be affected.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|IPCop||Affected||10 Dec 2007||11 Dec 2007|
|Red Hat, Inc.||Affected||10 Dec 2007||11 Dec 2007|
|Squid||Affected||-||10 Dec 2007|
|SUSE Linux||Affected||10 Dec 2007||18 Jan 2008|
|Apple Computer, Inc.||Not Affected||10 Dec 2007||11 Dec 2007|
|Microsoft Corporation||Not Affected||10 Dec 2007||11 Dec 2007|
|NetBSD||Not Affected||10 Dec 2007||11 Dec 2007|
|Openwall GNU/*/Linux||Not Affected||10 Dec 2007||11 Dec 2007|
|Slackware Linux Inc.||Not Affected||10 Dec 2007||10 Dec 2007|
|Conectiva Inc.||Unknown||10 Dec 2007||10 Dec 2007|
|Cray Inc.||Unknown||10 Dec 2007||10 Dec 2007|
|Debian GNU/Linux||Unknown||10 Dec 2007||10 Dec 2007|
|EMC Corporation||Unknown||10 Dec 2007||10 Dec 2007|
|Engarde Secure Linux||Unknown||10 Dec 2007||10 Dec 2007|
|F5 Networks, Inc.||Unknown||10 Dec 2007||10 Dec 2007|
CVSS Metrics (Learn More)
The Squid proxy team credits the Wikimedia Foundation for discovering this vulnerability. Adrian Chadd and Henrik Nordstrom are credited for authoring patches that address the issue.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-6239
- Date Public: 27 Nov 2007
- Date First Published: 10 Dec 2007
- Date Last Updated: 18 Jan 2008
- Severity Metric: 7.51
- Document Revision: 12
If you have feedback, comments, or additional information about this vulnerability, please send us email.