[Bug 907687] [NEW] CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port
Mahyuddin Susanto
saya at udienz.web.id
Thu Dec 22 09:17:14 UTC 2011
Public bug reported:
Description
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0639
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
http://www.ubuntu.com/usn/usn-904-1
patch:
http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch
** Affects: squid3 (Ubuntu)
Importance: Undecided
Assignee: Mahyuddin Susanto (udienz)
Status: In Progress
** Changed in: squid3 (Ubuntu)
Status: New => In Progress
** Changed in: squid3 (Ubuntu)
Assignee: (unassigned) => Mahyuddin Susanto (udienz)
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0639
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to squid3 in Ubuntu.
https://bugs.launchpad.net/bugs/907687
Title:
CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via
crafted packets to the HTCP port
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/907687/+subscriptions
More information about the Ubuntu-server-bugs
mailing list