CVE-2013-0189

Related Files

Gentoo Linux Security Advisory 201309-22

Posted Sep 27, 2013

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-22 - Multiple vulnerabilities have been found in Squid, possibly resulting in remote Denial of Service. Versions less than 3.2.13 are affected.

tags | advisory, remote, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2009-0801, CVE-2011-4096, CVE-2012-5643, CVE-2013-0189, CVE-2013-1839, CVE-2013-4115, CVE-2013-4123

SHA-256 | 0c44f7d361e4ed8a9c424771c417f381ffacb9d1092ef7260b173349c11cc6d9

Download | Favorite | View

Mandriva Linux Security Advisory 2013-129

Posted Apr 11, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-129 - Due to missing input validation, the Squid cachemgr.cgi tool in Squid before 3.1.22 and 3.2.4 is vulnerable to a denial of service attack when processing specially crafted requests. It was discovered that the patch for CVE-2012-5643 was incorrect. A remote attacker could exploit this flaw to perform a denial of service attack.

tags | advisory, remote, denial of service, cgi

systems | linux, mandriva

advisories | CVE-2012-5643, CVE-2013-0189

SHA-256 | 97deec2c2c183d9f878b2d19472e46b1883e54a186646f40f86cde608e8d86b5

Download | Favorite | View

Debian Security Advisory 2631-1

Posted Feb 25, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2631-1 - Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi.

tags | advisory, web, denial of service, cgi, memory leak

systems | linux, debian

advisories | CVE-2012-5643, CVE-2013-0189

SHA-256 | 62ad006b2455956a38e0d73d9d4610a63b827cbb6ef605de9084d4d383314ac6

Download | Favorite | View

Mandriva Linux Security Advisory 2013-013

Posted Feb 20, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-013 - Multiple vulnerabilities has been found and corrected in Squid. Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via long POST requests, or crafted authentication credentials. cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service via a crafted request. NOTE: this issue is due to an incorrect fix for possibly involving an incorrect order of arguments or incorrect comparison. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, cgi, vulnerability, memory leak

systems | linux, mandriva

advisories | CVE-2012-5643, CVE-2013-0189

SHA-256 | 5d5f69e81a32849b1999089a698c6a5586a8a41760ae2ffa2fdbb0728609733f

Download | Favorite | View

Ubuntu Security Notice USN-1713-1

Posted Jan 31, 2013

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1713-1 - It was discovered that squid's cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services. It was discovered that the patch for CVE-2012-5643 was incorrect. A remote attacker could exploit this flaw to perform a denial of service attack.

tags | advisory, remote, denial of service, cgi

systems | linux, ubuntu

advisories | CVE-2012-5643, CVE-2013-0189, CVE-2012-5643, CVE-2013-0189

SHA-256 | 9d97517571b73923a15aeb84a647627412eb894f960c5b3782a66d7f74189a9d

Download | Favorite | View